Online Government in Massachusetts



A Report of the Massachusetts Online Government Task Force

March 18, 1998

Commonwealth of Massachusetts
Executive Office for Administration and Finance
Information Technology Division



ONLINE  GOVERNMENT  TASK  FORCE  MEMBERS 


Dan Greenwood        Information Technology Division (Chair)
George McCarthy      Division of Banks
Ray Campbell         Information Technology Division
Sarah Bourne         Information Technology Division
Jim McGillicuddy     Information Technology Division
Jim Belli            Information Technology Division
Roy Bean             Information Technology Division
Claudia Boldman      Information Technology Division
Christine Swistro    Office of the Comptroller
Gabe Gagliano        Office of the Comptroller
Timothy Landy        Operational Services Division
Larry McConnell      Registry of Motor Vehicles
Dimitri Petion       Secretariat of Consumer Affairs
John Shontell        Secretariat of Consumer Affairs

The Task Force would like to acknowledge the contributions of the Office of the Secretary of
the Commonwealth, the Department of Revenue, the Center for Information Technology and
Dispute Resolution of the University of Massachusetts, the Massachusetts Institute of
Technology School of Architecture and Planning, and the Massachusetts Technology
Collaborative. In addition, we are grateful for the many reviews and suggestions which served
to improve the final report.



TABLE  OF  CONTENTS 


Introduction

PART I
Vision
Guiding Principles
Recommendations

PART II
Current Status of Online Government in Massachusetts
Internal Current Computing Environment
Current Online Government Initiatives
Legislative and Policy Issues and Initiatives
Current Available Technology
Technology Matrix
Analyzing Security and Authentication Needs
Security and Authentication Requirements Matrix

APPENDICES
Appendix A: Online Government Task Force Mission
Appendix B: Agency Project Survey Form and Results
Appendix C: Request for Information
Appendix D: Electronic Authentication Primer
Appendix E: ADA and Privacy Policy Discussions


Digitized by the Internet Archive in 2014: https://archive.org/details/onlinegovernmentOOmass


Introduction 


"The best way to predict the future is to invent it."
- Alan Kay, inventor of the Graphical User Interface

The Online Government Task Force was established by the Chief Information Officer to chart
the immediate future course of online government in the Commonwealth of Massachusetts.
The Task Force was commissioned to further define, research and evaluate these issues and to
recommend a path forward to realize the promise of online government for the
Commonwealth. Appendix A outlines the mission of the Task Force.

Information technology can reduce costs and enhance service quality of government when
implemented correctly. In this context, "online government" means the use of network
technologies that enable users to access information, people and processes.

Information includes the range of public records as well as data that a particular user has a
right to access but that may be restricted to others. Access to people includes the ability to
communicate with public employees. Processes includes business functions, such as filings,
applications or payments as well as democratic processes, such as participating in meetings,
hearings or even voting from a distance.

The emergence of the World Wide Web and web browsers has provided a simple yet
powerful interface to networks of computers. This interface created an opportunity to open a
wide range of government data and operations to users with unprecedented ease and
effectiveness. However, opening government for online access requires analysis of several
business, technical, legal and policy issues.

This report consists of two parts. Part I distills the research and discussions of the Task Force
into a Vision for online government in Massachusetts, Guiding Principles and
Recommendations for implementation. Part II provides more detailed background information
and research conducted by the Task Force. The Current Status section provides information
on the current technical environment, current department online government initiatives,
legislative and policy initiatives, and industry and academic collaboration. The next section,
Current Available Technology, gives the results of the Request for Information initiated by
the Task Force and suggests an approach for analyzing security and authentication needs. The
enclosed appendices provide more in-depth information about topics highlighted in the report.




PART  I 


Vision 


"[V]irtually every public policy area is going to be affected in this new
Information Age - from security, privacy, intellectual property, copyright
protection, universal access to how bit flows are taxed across networks that
largely ignore any kind of political border. Companies are going to invest and
knowledge workers are going to move to those governments who create an
environment where this electronic commerce can flourish."
- Janet Caldow, Director, Institute for Electronic Government

All business and interaction that can be performed at less cost and/or at a higher service
quality if done electronically should be implemented online. This has been the guiding
principle of the Online Government Task Force. The information age affords opportunities
and risks. Some of the risks include: developing systems that can violate privacy interests,
setting government policies that damage the growth of the young electronic commerce
marketplace, or unwisely spending substantial sums of public money on technical solutions
that are not based on business need or are otherwise wasteful. The opportunity is to embrace
online technologies that enable better government. In this context, better government means:


Less:            More:
costly           efficient
distant          accessible
confusing        navigable
plodding         rapid
conflicting      consistent
error prone      reliable
bureaucratic     responsive

Efficient 

Existing paper processes incur a range of costs, not all of which are obvious. Distribution,
delay, archiving and access difficulties are all characteristic of paper-intensive work.
Government is notorious for paper work, and Massachusetts government is no exception.
Government has a duty to the citizens in general, and to the taxpayers in particular, to
eliminate waste, fraud, duplication and undue delay in public processes. Wise use of
information technology to enable online government can serve the purpose of delivering
legitimate government services at minimum cost.

While important, cost reductions are only part of the formula for a successful online
government. When implemented properly, online government enhances the quality of service
to citizens, businesses, vendors and others that interact with the state.


Accessible 

There should not be a single public agency without a web presence of some kind. Eventually,
every interaction and service should be available online in addition to, or instead of, the
traditional paper form.

The Internet and World Wide Web have enabled access to services "on-demand." Accessible
government is a key potential benefit of online technologies. To cite a simple example, it is
reasonable to assume that the individual ordering fishing gear from L.L.Bean at midnight
might also want to obtain a fishing license from the Commonwealth - and so the demand is
created for the same sort of convenient, flexible services from government as from private
entities. Accessibility can be an even more fundamental tool for good governance when made
available for people who cannot physically come to the government due to distance, handicap
or other obstacles.

Government on-demand will cause a transformation of the citizen/government,
business/government and government/government relationships. New networks for
information access and feedback will be created where customization replaces
standardization, business becomes streamlined - many services can be accessed via a common
"point of entry" rather than via numerous entry points, flat organizations replace hierarchies,
timely feedback replaces long response times, simple processes replace complex, bureaucratic
ones. With the essential pieces of the business, technical and policy structures in place, the
state can become a collaborative inter-networked organization spanning state and local
governments, schools, libraries, businesses, health care and other sectors. Services are
delivered to citizens where they want them - at home, at school, in the workplace, at public
access points - anywhere.

Navigable 

Once government services and other interactions are available online, another critical quality
factor will be the navigability of those sites. The larger or more complex online interactions
become, the more difficult they can be for a user to find, sift through and complete. Lack of
adequate search engines or more sophisticated customer-focused navigation tools can defeat
the entire online government enterprise.

Eventually some citizens will need to communicate with a live human. Online systems that
allow users to communicate with personnel at an "electronic help desk" will also be
necessary. Such online help desks can provide more robust tools for assisting users -
including collaborative web browsing, assistance actually filling out online forms, avoiding
simultaneous voice and data connections, etc. Navigational tools, including live help, will be
important methods of delivering data and services that are simpler to locate and to understand
in context.


Rapid 

Unlike the paper-based counterpart, an online interaction can and should be more rapidly
initiated and accomplished. The velocity made possible by online government should be
carefully incorporated into the design and planning of each interaction so as to avoid choke
points and needless delay at any phase of the life cycle of the interaction. Eliminating the
paper from all phases of a given system can increase velocity.

Consistent 

The transition to online government will further expose the inconsistencies among existing
government activities as well as among newly created online systems. The act of making
government available online creates a transparency that would not otherwise exist. The online
interface of government must present a "single face" of government. Just as paving a cow
path is not necessarily wise public planning, so too will it be important to revisit the
assumptions and habits underlying current public activities as the online designs are being
formed. This process must be done in coordination with all agencies so as to assure an online
presence that is consistent with itself.

The risk of creating "government only" solutions that require installed bases or practices that
are inconsistent with or, worse yet, in conflict with private electronic commerce practice is
serious. Such a result would harm development of a critical Massachusetts and national
market - the emerging electronic commerce marketplace.



A business or citizen who is deciding what electronic commerce tools to invest in should
never be faced with a choice between general private commercial uses and different
requirements to interact with government. However, if we continue to track closely with
emerging standards and practices in the private sector, then government can actually enhance
the growth of this market by making the value proposition even better for the person who uses
electronic commerce tools because the tools will work equally for all their public and private
sector needs. This ultimately redounds to the benefit of government as well, because it will
make it easier for online government applications to be used less expensively and more
widely.

Ultimately, the quality of serious online transactions will also depend on minimum base-line
consistency among each level of government and between the public and private sectors. For
example, the authentication, payment and interface requirements should not be in conflict.

Reliable 

Though some reactively feel that electronic transactions are inherently less safe than
paper-based transactions, in fact, when implemented soundly, the online system can be far more
reliable. The ability to detect, and correct or flag errors is important. Data can be validated
and entered automatically into databases to minimize the possibility of data entry errors.
Similarly, appropriate levels of information security can reduce rates of crime and fraud
perpetrated upon systems.

Responsive 

Finally, online government can mean greater responsiveness and accountability by public
servants to the constituency. The management and technical infrastructure should allow more
direct communication and information flow with the constituent. To the maximum extent
practicable, rigid and bureaucratic mechanisms should be designed out of the online
government interaction. The process of interaction should permit more options and
customization for constituent needs, treating the citizens like customers.

Envision  the  following  scenarios 

For  the  Business  Partner  of  the  Commonwealth: 

Access key financial data - such as the status of a payment for a vendor, or the status of
certain accounts - via a secure Web front end to a back-end system. Online payment methods
are both accepted and available through the web. The risks of fraud and mistake are handled
by security technologies settled by the partners through additional agreements specifying
trade practices.

For  an  Organization  Doing  Business  in  the  Commonwealth 

All the forms, information and contact people associated with a regulation or a transaction
with the government are available for process in one place and at the click of a button. You
can track and manage the progress of your application or other transaction through the
government process via online media. The forms, applications, correspondence, etc. are
signed with a digitized signature device that combines biometric data with the document that
invalidates the signature if any change is made in the document.

For  a  Citizen  of  the  Commonwealth: 

Finding out about meetings and hearings that affect you becomes simple and you can
participate online without having to actually come to the State House or other government
facility in person. You can communicate with public officials and staff directly in a virtual
office setting. The citizen uses the same smart card, or public key digital certificate, or
signature digitizer or any commercially standard security device that they use in private
transactions. The government solution requires no hardware, software or practices that differ
from the citizens' existing installed base of security solutions.


How  do  we  get  there? 

Realizing the vision will involve building a sturdy foundation. This foundation will have
management and leadership components, policy components, and technology components. In
addition, in order to fully take advantage of evolving technological capabilities and provide
the highest levels of service in the new environment, leaders will need to take a hard look at
how business is conducted today in order to identify how it might be improved.


The work that lies ahead includes:


♦  building a "trustworthy" infrastructure which assures authentication, integrity,
confidentiality, access control and non-repudiation of transactions,

♦  creating the human infrastructure and service mechanisms to support the new
"trustworthy" infrastructure,

♦  fostering more and better inter-organizational communication and collaboration
(state-to-state, state to federal, state to local),

♦  creating a legal environment conducive to online government and eliminating
regulatory barriers to electronic commerce,

♦  developing administrative controls which can be built into systems as simple
rules and checks to replace traditional business controls which will be lost in
automated information/transaction systems,

♦  ensuring new systems provide ubiquitous access, consistent interfaces and
requirements ("one face"), ease of use, and are interoperable.




Guiding  Principles 

As  we  proceed  to  implement  our  vision  of  Online  Government,  our  work  should  be  guided  by 
the  following  principles: 

♦  Create  no  new  regulatory  or  bureaucratic  apparatus  (eliminate  existing  apparatus 
where  possible) 

♦  Target initial resources toward the best business case for technology, not just the
neatest technology

♦  Target security resources to what is needed for a given system - rather than the
maximum for all systems

♦  Avoid direct competition with private sector providers of service or products

♦  Design and build solutions that promote a "single face" of government (at all
levels of government)

♦  Implement solutions that leverage users' existing private electronic commerce
practices and technology

♦  Develop, organize and present online data and processes to suit the citizen or
business, not government

The  following  section  outlines  specific  recommendations  in  two  general  categories:  Business 
and  Technical. 




Recommendations 


Business 

1.  Develop a Web presence for every Department accessible via the
Commonwealth MAGNet home page.

2.  Increase agencies' Web presence by:

2.1.  Publishing major work products on-line

2.2.  Enabling customer inquiries on-line

2.3.  Handling core business transactions on-line (i.e., Permits, Licenses, Filings, etc.)

3.  Collaborate across agencies to:

3.1.  Identify and analyze common business practices

3.2.  Transform and centralize common business practices across organizational
boundaries

4.  Enhance communication and collaboration across agencies through:

4.1.  An online government Web site

4.2.  Tracking and publicizing department online government projects

4.3.  Common interest databases and discussion tools

4.4.  An interdepartmental online government project group that holds regular meetings
to discuss issues, technologies and products, and best practices

5.  Develop state-wide policies, guidelines, and legislation in the following areas:

5.1.  Privacy

5.2.  Management of Electronic Records

5.3.  Amendment of old "quill pen" laws

5.4.  Web-based revenue generation

5.5.  Security

6.  Develop and implement a statewide coordinated authentication strategy to
minimize costs and reduce risks to the Commonwealth through:

6.1.  The appropriate use of standards, including the safeguarding of privacy

6.2.  A framework for performing cost-benefit and risk analyses to compare PKI versus
other security and authentication approaches

6.3.  Shared certificates and certificate policies




Technical 


1.  Develop Public Access infrastructure as an enterprise-wide baseline

1.1.  Publicize the current technical architecture and network security
requirements

1.2.  Re-assess the current architecture and security requirements on an ongoing
basis to support evolving Department needs and available technologies

2.  Implement TCP/IP to desktops in all agencies to achieve:

2.1.  Adherence to a standard network protocol

2.2.  Adherence to an open system communication protocol

2.3.  Enable a standard client interface through the use of Web browsers

3.  Develop a menu of Security and Authentication options to support various
applications and transactions in conjunction with the development of Business
Recommendations section 5.5 and 6.

4.  Develop Application guidance that addresses at a minimum:

4.1.  ADA requirements

4.2.  Look and feel

4.3.  Site design

4.4.  Performance standards


PART  II 


Current Status of Online Government in Massachusetts

Background

As a result of two Information Technology (IT) bond authorizations in the Commonwealth of
Massachusetts, the first enacted by the legislature in 1992, and the second enacted in 1996, IT
development projects have been built and implemented by various agencies throughout state
government to meet particular business needs. Some of these projects have brought services
to a wider user population because they have been made available to users via the Internet and
the World Wide Web. For example, the Registry of Motor Vehicles now provides a way for
drivers to renew their vehicle registration or pay fines via the RMV Web site. While these IT
investments have been successful for their particular organizations, over the last year,
attention has begun to focus on how to leverage the growing number of online, automated
systems and the maturing Internet-based service capabilities to create a more comprehensive
vision of integrated, online Government services via the Web which cross organizational
boundaries.

Certain agencies in state government have gained substantial experience with online systems
development and new technology deployment. The Commonwealth's Chief Information
Officer, Louis Gutierrez, decided to tap that growing knowledge base to create the Online
Government Task Force. The Task Force was charged to help chart the immediate future
course of online government in the Commonwealth by defining a vision for online
government, assessing the current environment (from both a technical and a policy/legal
standpoint), identifying emerging common applications ripe for Internet and Web
implementation, reviewing currently available technology offerings of interest and then
reporting on our findings and making recommendations for further action.

The Task Force began by identifying and evaluating applications with varying security and
authentication requirements, which were used as examples to frame a Request for Information
(RFI) on products and services to meet these needs. The information gained from that RFI is
detailed in this report and will inform the Task Force's findings and recommendations. The
Task Force also conducted a survey of existing and planned online government projects
throughout the Commonwealth. This survey provided an indication of current online
government initiatives that are deemed important by agencies.

Internal  Current  Computing  Environment 

MAGNet,  the  Internet  and  Current  Public  Access  Architecture 
The Commonwealth of Massachusetts' internal network is called MAGNet, short for
Massachusetts Access to Government Networks. It is a TCP/IP routed network, utilizing 245
Cisco routers strategically located throughout the Commonwealth. MAGNet provides 151
State agencies with high-speed frame relay, centrally managed connections. This network
allows agencies to access many Commonwealth resources including the mainframe systems
and the Information Warehouse and also provides the capability for interagency
communication. TCP/IP has been implemented in approximately 60% of the
Commonwealth's agencies to date.

Local Area Networks (LANs) in the Commonwealth currently run several operating systems,
including Windows NT, Novell NETWARE and Banyan Vines operating systems. The
current Commonwealth standard stipulates at a minimum Windows NT Server Version 4.0,
Banyan VINES 6.3 with TCP/IP Server-to-Server Option for remote TCP/IP access and
Novell NETWARE Version 4.1 with TCP/IP Option(s) such as Novix or LAN Workplace.




The current desktop PC standard for new purchases is a 200 MHz Pentium processor with 32
MB memory and a 10/100 MB Ethernet network interface card. The operating system is
32-bit Microsoft Windows (either Windows 95 or Windows NT 4.0 Workstation) with an
Internet Web Browser (either MS Internet Explorer 3.0 or higher or Netscape Navigator 3.0 or
higher).

GTE/BBN and MCI provide Internet access, with high-speed connections to MAGNet
through the ITD Network Control Center. Security is maintained via a firewall, through which
all traffic to and from the Internet passes. Internet users can be securely connected to network
resources within MAGNet via specially configured and protected servers. Commonwealth
agencies can obtain additional information about the current Public Access Architecture by
contacting the Information Technology Division.




Commonwealth  of  Massachusetts  Web  Site 

The Commonwealth of Massachusetts web server is home to web sites for eighty state
agencies and handles 3 million file requests monthly. The Internet Services Group within the
Information Technology Division provides consulting services and training to state agencies
as well as server space at no cost. An average of three agency web sites have been added each
month over the past two years. Unfortunately, many agencies and other public entities still
have no web presence on the state web site.

Through the state's web site, agencies have been able to make their information available to a
wider audience without the incremental costs associated with paper distribution. The state
web site has been the source of publishing "firsts" for the Commonwealth: the Comptroller's
financial statements, the Governor's budget recommendations, employment statistics, and
local aid announcements are among the materials that can be found on the web when or
before a paper copy is available. As discussed later in this report, agency sites are beginning
to go beyond publishing to more interactive applications such as accessing bid solicitations
and renewing automobile registrations.

X.500  Directory  Server 

The Commonwealth possesses an X.500 Directory Server. X.500 is not a database (though it
may use one). In its basic definition X.500 is a technical architecture for constructing a
directory service according to a defined set of standards.

The  directory  itself  is  a  hybrid  repository/index/pointer  to  objects.  "Objects"  is  meant  in  both 
the  data  and  physical  sense  (the  data  may  at  times  point  to  a  physical  location).  Standardized 
X.500  data  object  classes  define  the  directory  entries  by  specifying  which  attributes  can  and 
must  be  associated  with  each  particular  object  class  for  entries  assigned  to  a  particular  object 
class. 

The  "authoritative"  source  of  the  directory  information  is  typically  maintained  elsewhere  -  but 
is  loaded  into  the  directory  ,  witli  appropriate  mapping  of  entries  to  X.500  object 
classes/attributes,  for  centralized  "normahzation"/access  to  tliat  information.  Multiple  sources 
may  be  used  in  combination  to  construct  entries.  Given  this  positioning  of  tlie  teclmology . 
following  are  some  examples  of  how  X.500  can  be  used: 

♦  White  Pages — for  e-mail  addresses.  URLs.  Postal  Address, 
employment/employee  information,  all  types  of  public  resource  information 
(including  recreation  information,  assistance  programs,  government  poUcies, 
etc.), 

♦  Public  Key  Infrastructure  support  (X.509/LDAP,  in  particular)  to  store  and 
manage  user  authentication  certificates, 

♦  Interface  to  Smart  Card  ID  cards  with  all  applicable  applications  of  such,  e.g., 
authorizations,  building  security,  registration/enrollment  purposes, 

♦  For  application  program  reference,  e.g..  CommBridge. 

Because the directory is a repository of "pointers"/"indexes" and not the "authority", information can be made available to people/applications without jeopardizing or compromising the source systems. Multiple images of the directory can be constructed so that, depending upon authorizations, a subset of information is available for query. Internet technologies - Web and LDAP, in particular - provide the access mechanisms to the information. However, within the Commonwealth, at this time the dominant use of the technology has been with E-mail.
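The object-class rule and the per-authorization directory "images" described above can be shown in a short Python sketch. This is an added example, not code from the report or from any Commonwealth system; the schema is a subset of the standard person/organizationalPerson/inetOrgPerson object classes, and the source records, audience names and view policy are constructed assumptions.

```python
"""X.500-style entry validation and per-audience directory "images"."""

# Subset of the standard person / organizationalPerson / inetOrgPerson classes.
# "sup" is the superclass; "must" attributes are mandatory, "may" are optional.
SCHEMA = {
    "top": {"sup": None, "must": {"objectClass"}, "may": set()},
    "person": {"sup": "top", "must": {"cn", "sn"},
               "may": {"telephoneNumber", "description", "seeAlso", "userPassword"}},
    "organizationalPerson": {"sup": "person", "must": set(),
                             "may": {"title", "ou", "postalAddress", "l", "st"}},
    "inetOrgPerson": {"sup": "organizationalPerson", "must": set(),
                      "may": {"mail", "labeledURI", "employeeNumber", "userCertificate"}},
}

# Constructed source records. The authoritative systems keep their own data;
# only the fields mapped in build_entry() are ever copied into the directory.
HR_RECORD = {"emp_id": "E-0001", "first": "Pat", "last": "Example",
             "agency": "Constructed Agency", "job_title": "Analyst",
             "phone": "+1 555 0100", "salary": "not for the directory"}
MAIL_RECORD = {"emp_id": "E-0001", "address": "pat.example@example.invalid"}

# Constructed policy: which attributes each audience is authorized to query.
VIEWS = {
    "public": {"cn", "sn", "ou", "mail"},
    "internal": {"cn", "sn", "ou", "mail", "title", "telephoneNumber"},
    "pki": {"cn", "mail", "userCertificate"},
}


def resolve(class_names):
    """Return (must, may) for the given object classes, following superclasses."""
    must, may = set(), set()
    for name in class_names:
        while name is not None:
            if name not in SCHEMA:
                raise ValueError(f"unknown object class: {name}")
            must |= SCHEMA[name]["must"]
            may |= SCHEMA[name]["may"]
            name = SCHEMA[name]["sup"]
    return must, may - must


def validate(entry):
    """List schema violations: missing mandatory or disallowed attributes."""
    if not entry.get("objectClass"):
        return ["missing mandatory attribute: objectClass"]
    try:
        must, may = resolve(entry["objectClass"])
    except ValueError as exc:
        return [str(exc)]
    present = {name for name, values in entry.items() if values}
    errors = [f"missing mandatory attribute: {a}" for a in sorted(must - present)]
    errors += [f"attribute not allowed by object class: {a}"
               for a in sorted(present - must - may)]
    return errors


def build_entry(hr, mail):
    """Combine two source records into one entry, mapping fields to attributes."""
    return {
        "objectClass": ["inetOrgPerson"],
        "cn": [f"{hr['first']} {hr['last']}"],
        "sn": [hr["last"]],
        "ou": [hr["agency"]],
        "title": [hr["job_title"]],
        "employeeNumber": [hr["emp_id"]],
        "telephoneNumber": [hr["phone"]],
        "mail": [mail["address"]],
    }


def image(entry, audience):
    """Return the subset of an entry that one audience is authorized to query."""
    allowed = VIEWS[audience] | {"objectClass"}
    return {name: values for name, values in entry.items() if name in allowed}


if __name__ == "__main__":
    entry = build_entry(HR_RECORD, MAIL_RECORD)
    print("violations:", validate(entry))
    for audience in VIEWS:
        print(audience, "->", sorted(image(entry, audience)))
```

An entry that fails validate() should be rejected at load time, so that a mapping error in one source feed cannot place an unexpected attribute in an image that external parties can query.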




The Comm-Bridge project provides the internal framework for secure, authenticated application to application level communications within the state network. This system uses public key certificates to authenticate applications and devices on the network.


Current  Online  Government  Initiatives 

Agency  Projects 

The Task Force conducted an investigation of current online government initiatives within the Commonwealth. As part of this investigation, the Task Force drafted a survey which was distributed to each executive branch agency and other segments of government. The survey questions were designed to ascertain the scope, security requirements, payment features and stage of completion for each initiative.

The table below indicates the short project description and the agency involved with each application. A total of 35 projects are listed.


| Agency | Project |
|---|---|
| Bureau of Special Investigations | Investigator's System |
| Campaign and Political Finance | OCPF Web site |
| Committee For Public Counsel Services | PC BILL |
| Department of Correction | Inmate Research Statistics project |
| Department of Housing and Community Development | Client and Fiscal Management System (CAFMIS)- IT2 |
| Department of Revenue | Tax Exempt/Resale Certificate Verification |
| Department of Revenue | Corporate/Personal Income Tax Extensions |
| Department of Revenue | Customer Feedback Form |
| Department of Revenue | Electronic Funds Transfer (EFT) Application |
| Department of Revenue | Taxpayer Change of Address Form |
| Division of Banks | Authenticated Internet Forms Filing |
| EOHHS | Client Index |
| Executive Office of Environmental Affairs | Internet Access to GIS |
| Executive Office of Public Safety | Public Safety's Non-Confidential Information |
| Fisheries, Wildlife and Environmental Law Enforcement | SPORT |
| General Court | Massachusetts General Laws Online |
| Holyoke Community College | Student registration over the Web |
| Holyoke Community College | Student access to personal information |
| Mass Highway | Incident Management |
| Mass Highway | Federal Highway Electronic Data Exchange |
| Mass Highway | Traffic Video Information |
| Mass Highway | CIS Map |
| Massachusetts Aeronautics Commission (MAC) | Airport Information Management System (AIMS) |
| Mount Wachusett Community College | Distance Learning |
| North Shore Community College | EDE |
| North Shore Community College | State SQL server for spending plan |
| North Shore Community College | Banner Web for Student |
| Office of the Comptroller | MMARSWeb/ManagerMMars |
| Office of the Comptroller | MMARSWeb/VendorWeb |
| Office of the Comptroller | MMARSWeb/WEBWarehouse |
| Operational Services Division | Procurement Desktop |
| Operational Services Division | Comm-Pass |
| Registry of Motor Vehicles | Express Lane |
| Secretary of State | Voter Information |
| Worcester State College | Colleague INTERNET Access |

A copy of the Survey and cover letter as well as a more detailed spreadsheet containing the survey results can be found in Appendix B. The following charts provide an analysis of the results in certain key areas:




[Chart: STAGE OF COMPLETION. Legend: Concept; Design; Work being done.]


While the majority of Department projects are still in the Concept or Design stage, it is significant to note that work is already being done on 13 projects.


[Chart: RELATIONSHIPS. Categories: Unknown / Known; Internal / External.]


The chart above categorizes the projects according to the relationship between the agencies and the target audiences for the applications. This relationship is a key determinant of the level and type of authentication that will be needed for individual applications. The term "internal" is used to encompass entities within State government and its agencies such as employees. "External" is used to refer to entities outside of State government such as vendors and citizens. "Known" entities are those with whom the Commonwealth has a previously established relationship such as contracted vendors and service recipients. "Unknown" entities do not have existing relationships with the Commonwealth such as an anonymous member of the general public or a new vendor responding to a solicitation request.




The majority of projects (26) involve known internal or external entities or a combination of both. Only 9 projects involve unknown external entities. However, most of these applications involve the provision of public information for which authentication would not be necessary. The need for authentication will vary based on the particular application and will depend on an evaluation of the risks, the benefits and the costs of levels of authentication. In the case of known parties, we assume that authentication will be easier to implement because of existing agreements, communications or other available methods of identification. Likewise, authentication should be easier to implement with internal parties than with external parties.


The majority of applications (28) may be accessed by external parties through the Internet. Many can also be accessed within the state's Network (MAGNet).

Some of the online government applications deserve special consideration. These "killer apps" are examples of the new model for delivery of state services:

The  Division  of  Banks 

Each week the Division of Banks (DOB) publishes a Consumer Credit Guide. To qualify for inclusion into the weekly guide a participant must be a licensed mortgage lender or a state or federally chartered financial institution and the Division verifies that each entity is in fact able to participate. DOB is piloting a new process whereby, instead of a manual, FAX-based procedure, banks use the Internet to access DOB's Web site. The DOB pilot attempts to create authentication using an X.509v3 public key certificate. They will use this authentication to enable banks and other financial institutions to report and attest to their interest rates (file forms) with the Massachusetts Division of Banks over the Internet and be assured that the Division of Banks has accurately received and recorded the information. At the same time, DOB will be assured (via the certification authority) that the reporting institutions are "authentic" (legitimate) and will have the digital signature of the financial institution as a record of the completed transmission.

The  Registry  of  Motor  Vehicles 

The Registry of Motor Vehicles (RMV) has a series of online transactions available on the Internet. Using SSL2 security, the RMV accepts credit cards as payment for citations, registration renewals, ordering a special plate, and requesting a duplicate registration certificate. SSL2 was used for these RMV transactions because they require only confidentiality and not authentication (SSL2 does not provide authentication). Over 32,000 people have taken advantage of this new form of government access since July 1996. Additionally, ordering vanity plates, requesting driving history, and reserving road exam test time will soon be available.

[Chart: EXTERNAL ACCESS THROUGH INTERNET. Legend: Access through Internet enabled; Access through Internet not enabled.]


Operational  Services  Division 

The Operational Services Division (OSD) has launched Comm-PASS (Commonwealth Procurement Access & Solicitation System) which is designed to advertise solicitations (RFRs) on the Internet. The system has the capability to both advertise the existence of the solicitation and distribute it by allowing the user to download the solicitation files. The system is available 24 hours a day, 365 days a year. A department can advertise a procurement and distribute the bidding materials as files. This allows the department to save on printing and mailing costs. The department must also post the result of the procurement (who bid, winning bidder, etc.) in Comm-PASS. This allows the vendors to know who won without calling the procurement staff, saving both parties time.


Legislative  and  Policy  Issues  and  Initiatives 

Some of the major policy issues facing the Commonwealth with regard to the deployment of Online Government and Electronic Commerce revolve around authentication, privacy and the fairness of information practices related to the creation, storage, use, modification, disclosure and destruction of electronic records that personally identify an individual or contain otherwise sensitive data. The extent to which authentication is required in the first place is itself a policy - not a technical - issue.

The ITD Office of the General Counsel has worked on several privacy issues related to electronic records systems for the Commonwealth. The Deputy General Counsel for the Information Technology Division has testified before Congress on issues of electronic data privacy (written testimony available at: http://www.tiac.net/biz/danielg). The Commonwealth should not require authentication of an individual where it is not necessary to accomplish the underlying transaction.

For example, there will be situations where the Commonwealth has no direct interest in the individual who conducts a given transaction, but does need assurance that the user is authorized or maintains a particular role within an organization. Similarly, there may be a place for pseudonyms or anonymous transactions where appropriate. If authentication occurs, then the Commonwealth should assure that the personally identifiable data is kept in accordance with fair information practices guidelines and is treated with the highest appropriate care. More information on the privacy and fair information practices issues presented by electronic authentication and records systems is included in Appendix E of this document.

The Commonwealth must also grapple with the extent to which we permit private sector parties to create, manage, sell or otherwise control public information that is in electronic form. Some states have "out-sourced" the management of their official web sites, for example. In such arrangements, the private sector vendors will typically cover costs and create profits by selecting some data or processes to withhold from the public unless a subscription or other fee is paid to the vendor. This subscription may be for so-called "value added" data or services, such as online transaction systems that the vendor provides to state agencies. It remains to be determined whether such arrangements would be in the public interest or would risk over-commercialization of processes and data which would otherwise be free for public access.




Another area of concern relates to the accessibility of online resources to all citizens. As mentioned earlier, a key potential benefit of Online Government will be the easier accessibility of data to the public. However, the government, as an organization that is accountable to all the people, must also consider the equity of making data or resources available online when many citizens still do not have access to computer resources. Furthermore, the Americans With Disabilities Act (ADA) must also be applied to all online resources to assure handicapped citizens are not unduly disadvantaged by the presentation of data via online methods that can not be accessed due to disability (such as blindness). More information is available on how to assure online government compliance with the ADA in Appendix E of this document.

Underlying all these policy concerns is the more fundamental principle of governance. It is the citizen's constitutional right that their government be accountable to the governed at all times and in all activities. Using online government to reduce costs and enhance service quality serves the deeper purpose of maintaining high levels of responsiveness and accountability to the self-governed.

Proposed  Massachusetts  Electronic  Records  and  Signature  Act 

One of the factors slowing more widespread use of the Internet for government transactions is the legal uncertainty surrounding the use of electronic media rather than traditional paper-based systems. For example, a search of the Massachusetts General Laws reveals over 4,500 sections that refer either to written documents or signed documents. This has generated substantial uncertainty as to whether an electronic transaction will have binding legal effect.

To address this uncertainty, the Information Technology Division, at the direction of the Executive Office for Administration and Finance, has been working to draft legislation that would confirm the ability of state agencies to use electronic transactions even when there is a law requiring a written or a signed instrument. The Massachusetts Electronic Records and Signatures Act (MERSA) is designed to validate online government without forcing agencies to abandon paper-based systems until they are ready to do so. A copy of the latest version of MERSA is available on the ITD legal department's web site (http://www.state.ma.us/itd/legal).

In brief, MERSA states that where any law requires a writing, that law is satisfied by a "record." The statute defines a record as "information that is inscribed on a tangible medium or that is stored in an electronic or other medium and is retrievable in perceivable form . . . [including] electronic records and written records." Regarding signatures, MERSA provides that where any law requires a signature of a person, that requirement is met by that person's electronic signature. In addition, MERSA explicitly states that agencies "may create and receive electronic records in lieu of written records, and may also convert written records to electronic records." Realizing that not all agencies are ready to support electronic transactions, MERSA provides that nothing in the statute shall be construed to require any agency to use or permit the use of electronic records or signatures. MERSA also enables non-governmental electronic commerce transactions between private sector parties. However, nothing in MERSA would change or limit existing consumer protection provisions of law.

While several states have already adopted so-called "digital signature" laws, MERSA represents a new approach that is rapidly gaining favor with other states. Unlike the first digital signature law enacted by Utah, MERSA is "technology neutral" in that it does not specify the type of technology that parties must use to gain the benefits of the law's provisions. In addition, MERSA is non-regulatory, whereas Utah-style laws impose stringent licensure requirements for certain companies that provide services related to digital signatures. A recent Internet Law and Policy Forum study of state electronic signature legislation shows that the trend among states adopting such laws is distinctly toward the Massachusetts approach.




Relationship  with  Other  States  and  the  Federal  Government 

The Commonwealth has collaborated closely with the National Conference of Commissioners on Uniform State Law on the drafting committee for the Uniform Electronic Transactions Act (UETA). In addition to the Commonwealth's formal committee membership, the Information Technology Division has actively assisted the UETA drafters, based on MERSA. As a result, official comments to the UETA cite MERSA in several sections. The Information Technology Division, through the Office of the General Counsel, has also been involved in Electronic Commerce legal reforms within other states and state organizations. The Deputy General Counsel (DGC) for ITD has formally testified or presented on these issues before the National Governor's Association, the Western Governor's Association, the states of Rhode Island, Tennessee, West Virginia, Mississippi and other venues.

The Commonwealth has also been a leading coordinator of the federal-state relationship on these law and policy issues. Governor Weld joined the United States Innovation Partnership - an initiative of the National Governor's Association and the White House Office of Technology Policy created to coordinate technology policy at the national level between states and the federal government. The DGC has served as the USIP Governor's Alternate under the Weld and Cellucci administrations. In this organization, the Commonwealth has led development of an experimental Internet web site for collaborative discussion of electronic commerce law and policy. The web server is hosted at the University of Massachusetts and is used by state and federal policy makers in both the executive and legislative branches as a two-way communications and update tool.

The DGC has testified before the Senate and Congress on multiple occasions as federal legislators seek information and direction on electronic authentication and data privacy legislation. The written testimony is available at www.state.ma.us/itd/legal. As part of this cooperative posture with our federal partners, the Office of the General Counsel has also assisted Congressional staff with the drafting of federal bills, including H.R. 299, the "Electronic Commerce Enhancement Act of 1997." Specifically, the DGC's contributions led to provisions in the legislation that assure the technical standards for federal government electronic forms "shall be compatible with standards and technology for digital signatures used in commerce and industry and by State governments." This language directly reflects the Commonwealth's position of supporting and using private sector technical standards in government operations and policy. The DGC has also presented at federal agencies, such as the "Access America" conference of the National Performance Review, and the "Public Forum on Certificate Authorities and Digital Signatures" by the National Institute for Standards and Technology. In addition, the DGC has consulted with federal policy makers regarding electronic commerce issues, including Ira Magaziner, Special Advisor to the President of the United States.


Industry  Collaboration 

The  Certificate  Authority  Ratings  and  Trust  Task  Force  of  the  Internet  Council 

Late in 1996, the Office of the General Counsel of ITD, in conjunction with the Office of the Director of the Digital Signature Program for the State of Utah, agreed to organize a meeting to discuss the creation of general market based accreditation standards for use of digital signatures and Certificate Authorities. Soon, Carolyn Purcell, CIO for the state of Texas and then President of the National Association of State Information Resource Executives, agreed to take the leadership for pulling this meeting together. The meeting was attended by several states, U.S. Federal agencies, representatives from several countries, every major Certificate Authority, IBM, Microsoft, Netscape, National Computer Security Association, Novell, Open Market, Deloitte & Touche LLP, the Massachusetts Technology Collaborative, Telecom Ireland, Stanford Law School's Law and Technology Policy Center, and the United States Council for International Business.


By the end of the collaboration, three state associations—the National Association of State Information Resource Executives (NASIRE), the National Association of State Auditors, Comptrollers and Treasurers (NASACT), and the National Association of State Purchasing Officials (NASPO)—and their state government members had assumed a coordinated leadership role on this issue. The three associations agreed to work through membership to the Internet Council of the National Automated Clearinghouse Association (NACHA) as an open and participatory private sector based forum within which to grapple with these issues. In this forum, the states are working with Federal government and private sector representatives to develop a market-based means to evaluate or rate the trustworthiness and performance of certification authorities issuing digital certificates as part of a PKI-based electronic commerce solution. As of the publication date of this report, some 14 state governments are paid members participating in this effort. The initiative is taking place under the Certificate Authority Ratings and Trust Task Force (CARAT) of NACHA's Internet Council.

The CARAT Task Force is working on the development of market-based rules and standards for the evaluation and rating of certification authorities and the certificates they issue. For PKI to be truly useful as a serious business tool, subscribers, relying parties and the general public must have confidence that CA's will be held accountable for their performance and services, with appropriate liabilities established. However, a trustworthy system must also take into account the rights and responsibilities of the other parties involved.

Through participation in the ANT Work Group's CA pilot, and research and collaboration with other industry and government efforts related to CA accreditation and evaluation, CARAT task force members are striving to develop a uniform regimen of metrics, processes and standards (operating rules or "named policies"). These named policies would support the use of registered certificate policies and specified types of transactions conducted on open networks and supported by an "open but bounded" public key infrastructure (PKI), usable by both private sector and government organizations. A related intent is to use the certificate policies as the basis for a controlled test of service applications in a real operational setting among public and private sector members of the Internet Council.


Academic  and  Educational  Collaboration 

The Information Technology Division hosted a public briefing by the National Research Council on their report: "Cryptography's Role in Securing the Information Society." The briefing was held at the Gardener Auditorium in the State House on Wednesday, August 7, 1996. Co-sponsored by the Boston Bar Association's Computer Law Committee and the Boston Computer Society Legal Group, this briefing brought together members of the academic, financial services, government and technology sectors of Massachusetts to discuss national cryptography policy and the role of state government. This was an example of state government acting as a convener of major policy debates in a public, non-partisan forum. More information on this event is available at http://www.tiac.net/biz/bcslegal/nrcl.htm.

The Commonwealth of Massachusetts and the Massachusetts Institute of Technology have cooperated to explore technical, design and policy issues in an academic setting. The Deputy General Counsel for the Information Technology Division holds an academic appointment as lecturer at MIT, where he teaches at the graduate level on topics of electronic commerce, virtual communities and online government. In 1997, the graduate course: "Virtual State House" generated several working prototypes of virtual reality, multi-user online government environments. In the Spring of 1998, the graduate course: "Designing Electronic Commerce and Online Government" is exploring the relationship between technology and policy in the design and implementation of online transactional systems.




Current  Available  Technology 

Excerpt  from:  "States'  Role  in  Developing  Digital  Signatures  Policies  and 
Standards" 

States, like other levels of government, have an interest in the promotion of
electronic commerce. The government at all levels has a duty to seek efficiencies
in the delivery of government services by reducing costs and enhancing service
quality. Modern economic development policies should specifically promote
electronic commerce in the private sector. Digital signatures are an important
tool to enable secure electronic commerce and the technology underlying such
signatures requires special attention.

-  Statement  by  the  Legislative  and  Policy  Work  Group  of  the  Information 
Security  Committee  of  the  American  Bar  Association,  7.31.97 

The Task Force investigated several technologies with an eye toward solutions that are cost-effective and which meet our business needs for implementing systems that are simple and efficient for the user. Much of the attention of the Task Force was focused on information security technology, and particularly on implementations of public key cryptography. The use of so-called digital signatures was a major issue. Please see Appendix D for more information on Electronic Authentication.

Topics discussed included: how the key and certificates should be generated and managed; to what extent, if any, should the Commonwealth act as our own Certificate Authority (CA); what existing business lines would benefit from use of digital signatures; how would various CA's certificates be handled technically by the Commonwealth; what criteria will the Commonwealth use to determine which CAs will be deemed sufficient for a given transaction; and what policies would promote the broadest use of the fewest certificates by a citizen with agencies.

The Task Force determined that it is too early to definitively decide these issues because this entire area is still maturing. These issues are also the topic of discussion at the federal, state and private sector levels. Efforts are underway to pilot new technologies and coordinate efforts to ensure the interoperability of approaches. The Commonwealth needs to continue its involvement with these various groups and continue to identify Department requirements with the goal of articulating a coordinated statewide approach.

Technology  Matrix 

The Task Force issued a Request for Information (RFI) to vendors with the goal of seeking information on products and services that will enable the Commonwealth to use the Internet and internal networks for secure messaging and transactions. The RFI document is included with this report as Appendix C.

The RFI elicited a number of responses, ranging from descriptions of available technology to offers of integration and planning services. The RFI responses are summarized in the following matrix. Complete RFI responses are available for review at ITD.




RFI 
Respondent 

Product/Service 
Description 

What  does  it  do? 

What  does  it 
cost? 

Andersen 
Consulting 

PLANNING  SERVICES 
Andersen  provides  no 
specific  products  or 
solutions  in  this  response 
They  offer  several 
strategies  for  providing 
secure  Internet  services. 
To  provide  specific 
solutions  Andersen 
requests  further  information 
regarding  the 
Commonwealth's  security 
policies. 

This  response  provides 
overviews  of  the  latest 
Internet  security  systems 
(hardware,  software,  and 
services)  Andersen 
needs  further  information 
from  the  Commonwealth 
including  security  policies 
and  hardware 
requirements. 

No  specific  costs  are 
discussed  The 
response  states  if  the 
Commonwealth 
selected  Andersen  as 
a  "full-solution 
partner" ,  instead  of 
disparate  hardware 
and  software  vendors, 
the  implementation  of 
on-line  government 
would  be  cost  neutral. 

BBN  Planet 

SERVICE 

BBN  proposed  several 
ideas  for  specific  solutions 
for  the  Commonwealth. 
BBN  proposed  the  use  of 
encryption  technology, 
SecurelD  cards,  and  SSL 
public  key  exchanges 
among  other  approaches. 

BBN's  solution  will 
incorporate  4 
qualifications  for  secure 
electronic  transactions: 

1)  user  is  certain  of 
communication  with 
correct  server. 

2)  server  is  certain  of  user 
identity 

3)  information  transmitted 
is  kept  between  user  and 
server 

4)  user  and  server  can  be 
certain  information  does 
not  alter  dunng 
transmission  process. 

No  specific  costs  were 
provided.  BBN  will 
provide  another 
proposal  when  the 
details  of  the 
particular  application 
are  known 
BBN  requires  use  of 
commercial  web 
browsers  and  can 
recommend  proper 
software. 

RFI Respondent: Control Data
Product/Service Description: COMBINATION: PRODUCTS & SERVICE. Control Data offers a combination of their own X.500 directory along with technology from Entrust (see above) to provide secure web-based electronic commerce.
What does it do? Control Data's security technology includes digital certificates to authenticate users and protect the desktop; public key cryptography and virus protection to safeguard messages; and firewall and virtual private network management for network security. All features can be integrated into the X.500 system now being used by the state.
What does it cost? No specific costs provided.

RFI Respondent: EDS
Product/Service Description: SERVICES. EDS offers the ImagineCard solution. ImagineCard is part of EDS' HP Praesidium Enterprise Security Framework.
What does it do? The ImagineCard solution combines smartcard technology with the latest advances in public/private key cryptography to provide strong security for electronic transactions. ImagineCard is a component of the HP Praesidium Enterprise Security Framework offering several security products to lessen the risk of doing Internet business.
What does it cost? EDS mentions situational costs. However, without further specifics they cannot craft complete solutions with associated costs.

RFI Respondent: Entegrity Solutions
Product/Service Description: PRODUCTS. Products offer a series of services: NotaryPlus provides CA framework. AssureWeb provides access control. SignOn provides authentication for the entire session. Mailer provides encryption/decryption. Security Development Platform provides integration for all aspects of security system.
What does it do? Entegrity's products provide proper authentication, access control, privacy and non-repudiation needed for all secured electronic transactions. This combination of products allows the Commonwealth to become their own CA or they can enlist a separate service.
What does it cost? Solution requires about $30,000 of server based software. Client side software and support is $36. Certificates per-issuance will cost between $2-3.

RFI Respondent: Entrust
Product/Service Description: PRODUCTS. Entrust offers security products, public key infrastructure, and key management architecture. The products are X.509 based.
What does it do? Entrust offers a full range of public key infrastructure products and system solutions. Entrust recognizes the cycle of a key across the enterprise system and ensures its compatibility.
What does it cost? Cost estimate for server hardware is $6,000 per 5000 users. Client licensing costs are $159 (negotiable) per user.

RFI Respondent: GTE
Product/Service Description: SERVICE/PRODUCTS. GTE offers deployment of enterprise-wide authentication and access control systems using X.509 digital certificates. GTE CyberTrust is the certification authority.
What does it do? GTE offers Enterprise Information Access. By using GTE CyberTrust to generate X.509 certificates, they are able to provide secure and authenticated Internet access.
What does it cost? No specific costs were provided. Client will need a PC web browser. Central web server hardware and software are required. The Commonwealth can buy a CA server or use the services of GTE. GTE identifies that the main cost will be in system integration.

RFI Respondent: IBM
Product/Service Description: PRODUCTS. IBM offers security products and certification authority services. IBM also provides authentication and encryption based on X.509 certificates.
What does it do? Strategy relies on access control lists for application, transaction and data security. The IBM Vault Depositor server can support both persistent and non-persistent Web-to-host connections.
What does it cost? Hardware and software purchase required. Solution costs not provided in response.

RFI Respondent: KPMG Peat Marwick LLP
Product/Service Description: SYSTEM INTEGRATION SERVICES. KPMG outlines their own "solution architecture" using numerous technologies. The core of their offer however is consulting services.
What does it do? Their solution architecture uses firewall technologies to separate the public Internet from the internal networks of the Commonwealth with a "demilitarized zone" (DMZ). Servers on the DMZ provide user authentication, user access restriction, and bind users to their submissions.
What does it cost? No specific costs provided.

RFI Respondent: N*Able
Product/Service Description: PRODUCTS. N*Able offers enabling smart card technology for the Secure Electronic Transaction (SET) standard.
What does it do? Product is a low-cost smart card to hold private certificate and credit card information. Technology relies upon digital certificate to secure a transaction. Cards are designed for usage with the SET protocol to facilitate transactions between consumers and merchants. Card scanning device for PC necessary.
What does it cost? N*Able smart cards are offered in range from $2.00 to $25.00.

RFI Respondent: NetDox
Product/Service Description: SECURE TRANSMISSION SERVICES. NetDox offers a pay-per-use service designed to assure the security and confidentiality of electronically transmitted "packages" created by the sender.
What does it do? Characterized as an "Assured Electronic Information Delivery Service", the NetDox server handles and assures all transmissions. NetDox offers a wide range of security and non-repudiation services for documents, images and video with varying levels of security.
What does it cost? Costs include a per-message charge of $6.85 for packages up to 250Kb. Additional charges pertain to larger messages, message confirmation, and longer term record archiving.

RFI Respondent: Oracle
Product/Service Description: PRODUCTS. Oracle provides X.509 certification, Kerberos and other single sign-on technologies.
What does it do? Available products support secure access through non-Oracle firewalls and persistent/non-persistent database connections behind firewalls. Security server CA technology available.
What does it cost? Server hardware and Oracle software is required. Incentive pricing is mentioned in response but not clearly defined.

RFI Respondent: PenOp
Product/Service Description: PRODUCTS. PenOp is software for the secure capture, management and verification of handwritten signatures.
What does it do? PenOp enables users to perform a normal autograph and have it captured electronically. PenOp can also reliably capture, store and transport signatures between different systems. PenOp does offer signature verification.
What does it cost? PenOp offers run-time licenses costing $100 to allow signature captures on workstations. The digitizer pad and pen required to perform the signature cost around $100. For signature verification, the price goes according to the enterprise scale. PenOp SDK costs $699 + $20 shipping.

RFI Respondent: Trusted Information Systems (TIS)
Product/Service Description: PRODUCTS. TIS offers security software, including the Gauntlet Internet Firewall, the Gauntlet PC Extender and SmartGATE: Guaranteed Authenticated Transaction Environment.
What does it do? The Gauntlet Internet Firewall provides secure access and communications between private and public networks. The PC Extender creates a secure virtual private network (VPN). SmartGATE provides secure electronic commerce for virtually any TCP/IP application on the Internet through mutual authentication and session encryption and high-level database protection.
What does it cost? According to the Product Cost List provided, Gauntlet PC Extenders for both Windows 3.1 and Win95 are $100 each. All SmartGATE servers are $6000, and the Gauntlet Internet Firewall systems can cost as high as $17,000.

RFI Respondent: UNISYS
Product/Service Description: SERVICE. Unisys CoolICE (Internet Commerce Enabler), is a software integration solution that allows management of a mixture of static and dynamic Internet Web services via a corporate Intranet or the public Internet.
What does it do? CoolICE can manage Internet documents and services, build Internet business services based on existing applications and data, provide secure Web access to applications on existing servers, and develop new Web applications based on data from multiple servers and databases. Unisys reports CoolICE will integrate with industry standard payment techniques.
What does it cost? No specific costs provided.



Analyzing  Security  and  Authentication  Needs 

Before agencies can choose among the various vendor offerings, a more basic analysis of
security and authentication needs for individual projects must be undertaken. Basic
judgements about security and authentication must be made by the agency and communicated
to the vendors. In determining whether a given security need exists, agencies should consider
questions like: how is this process implemented today?; does it require a signature?; is there a
statute or regulation that requires privacy or confidentiality or individual identification?; is
this an area where there has been litigation or other disputes in the past - if so, what are the
problems and how do they relate to the online system?; how much financial or other legal
liability exposure is there for the agency if there is a problem with this application?

The Security and Authentication Requirements Matrix on page 26 summarizes Task Force
discussions defining categories of information security. This matrix provides a draft model for
analyzing security and authentication needs on a project basis.

The left column lists specific characteristics that may be a part of a single online government
application. Across the right columns are security requirements broken into three levels:
Network, Document and Application. To make use of the matrix an agency would first
determine which characteristics apply to their particular application. Then, reading across the
right, agencies would check off appropriate security requirements for each of the application
characteristics that apply. It is important to note that application characteristics are broken out
to assist agencies in targeting security solutions specifically to the part of the application
where such solutions are required. Security solutions can be costly, time-consuming and
resource intensive and should therefore be matched closely to actual application needs.

For any given application characteristic, there is a checklist of information security
requirements that might apply. These are in three levels: network, document and application.
Some security only deals with the flow or control of data as it flows over a Network
(including the Internet):

♦ Confidentiality means preventing interception and reading of the data as it flows
over the network.

♦  Authentication  for  access  control  means  only  allowing  certain  users  access  to 
certain  areas  or  resources  on  a  network. 

The next level, Document Security, deals with the transactional data itself - the data that
actually constitutes the filing, the bid or the contract for example. This data may need to be
kept over time, secured, authenticated and so on:

♦ Data privacy refers to data in which a person or entity has a continuing legal
interest or right. Medical records, proprietary information and financial data
would usually require this type of security.

♦ Receipt or acknowledgement refers to those instances where confirmation of
transmission receipt is required for a given document or data set.

♦ Authentication for binding intent refers to data that form the basis of a contract
or other document that is being assented to or "signed".

♦ Data integrity refers to the need to show that the data originally sent has not
been tampered with during a given period of time.

The last level, Application, involves functionality available within the application:




♦ Authentication of Role or Authority for Specific Actions refers to an individual
user's ability to perform any given function within the application such as
approving data or setting user rights.

These categories overlap to some extent, but they are presented as a basis to begin thinking
about information security needs for a given application in a structured and solution-oriented
manner. The following example uses Comm-PASS (the State's online procurement and
solicitation system) to illustrate how an agency may be able to use the matrix.

A given electronic commerce application may require one or more of the application
characteristics that are listed in the left column of the matrix. CommPASS, for example,
requires #4, Account Usage, for agency updates since only authorized parties may update
their own information. It requires #1, Information Access, for the publishing of publicly
available information. Eventually, for bid submission, that part of the application would entail
#3, Legally-binding Documents. If the system allowed bidder information requests by e-mail
or web form, then that would fall under #2, Information or Service Request.

Given this set of application characteristics, the applicable security requirements are then
identified. For Account Usage (#4), Transmission Confidentiality at the Network level would
probably be necessary. For Information Access (#1) it is likely there would be no security
requirements. For Legally-binding Documents (#3), Transmission Confidentiality would be
needed at the Network level; and Data Privacy, Receipt or Acknowledgement, Authentication
for Binding Intent and Data Integrity would likely be needed at the Document level. Finally,
for Information or Service Request (#2), it is probable that only Receipt or Acknowledgement
at the Document level would be needed.

Based on the boxes checked in the matrix, an agency would then want to match up the
security requirements with an available menu of technical security offerings. Such a menu
would include smart cards, biometrics, Public Key cryptography, signature dynamics and
other technologies offered by vendors (see Technology Matrix above). Based on an analysis
of costs, benefits and risks the choice of technical offerings can be more closely tailored to the
actual application needs. Further refinement of the matrix and the development of a menu of
technology solutions have been recommended as part of this report.
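
The checklist procedure above, applied to the CommPASS walk-through, as an added example that is not part of the Task Force report: it records the boxes checked for each application characteristic, groups them by level, and compares a proposed plan against them to flag requirements that are missing or applied where the matrix does not call for them. The `audit` function and the two sample plans are constructed for illustration.

```python
from collections import defaultdict

# Security requirement levels and names, as the text defines them.
LEVELS = {
    "Network": ["Transmission Confidentiality",
                "Authentication for Access Control"],
    "Document": ["Data Privacy", "Receipt or Acknowledgement",
                 "Authentication for Binding Intent", "Data Integrity"],
    "Application": ["Authentication of Role or Authority for Specific Actions"],
}
LEVEL_OF = {req: level for level, reqs in LEVELS.items() for req in reqs}

# Application characteristics (left column), numbered as in the text.
CHARACTERISTICS = {
    1: "Information Access",
    2: "Information or Service Request",
    3: "Legally-binding Documents",
    4: "Account Usage",
}

# Boxes checked in the CommPASS walk-through (the text's "probably"/"likely"
# judgements are recorded here as checked boxes).
COMMPASS = {
    4: {"Transmission Confidentiality"},   # agency updates
    1: set(),                              # publishing public information
    3: {"Transmission Confidentiality", "Data Privacy",
        "Receipt or Acknowledgement", "Authentication for Binding Intent",
        "Data Integrity"},                 # bid submission
    2: {"Receipt or Acknowledgement"},     # bidder information requests
}


def validate(checked):
    """Reject characteristic numbers or requirement names not in the matrix."""
    for number, reqs in checked.items():
        if number not in CHARACTERISTICS:
            raise ValueError(f"unknown application characteristic #{number}")
        unknown = set(reqs) - set(LEVEL_OF)
        if unknown:
            raise ValueError(f"unknown requirement(s): {sorted(unknown)}")


def by_level(checked):
    """Group checked boxes by level, recording which part of the
    application drives each requirement."""
    validate(checked)
    grouped = {level: defaultdict(list) for level in LEVELS}
    for number in sorted(checked):
        for req in sorted(checked[number]):
            grouped[LEVEL_OF[req]][req].append(CHARACTERISTICS[number])
    return {level: dict(reqs) for level, reqs in grouped.items()}


def audit(checked, plan):
    """Compare a proposed plan (same shape as `checked`) with the matrix.
    Returns (missing, excess) as sorted (characteristic, requirement) pairs:
    missing = needed but not planned, excess = planned but not needed."""
    validate(checked)
    validate(plan)
    missing, excess = [], []
    for number, name in CHARACTERISTICS.items():
        need = set(checked.get(number, ()))
        have = set(plan.get(number, ()))
        missing += [(name, r) for r in need - have]
        excess += [(name, r) for r in have - need]
    return sorted(missing), sorted(excess)


# Constructed plans for comparison (hypothetical, not from the report).
BLANKET_PLAN = {n: set(LEVEL_OF) for n in CHARACTERISTICS}  # everything everywhere
PARTIAL_PLAN = {
    4: {"Transmission Confidentiality"},
    3: {"Transmission Confidentiality", "Data Integrity"},
    2: set(),
}

if __name__ == "__main__":
    for level, reqs in by_level(COMMPASS).items():
        print(level, reqs or "(none)")
    for label, plan in (("blanket", BLANKET_PLAN), ("partial", PARTIAL_PLAN)):
        missing, excess = audit(COMMPASS, plan)
        print(f"{label}: {len(missing)} missing, {len(excess)} excess")
        for part, req in missing:
            print(f"  missing for {part}: {req}")
```

The blanket plan satisfies every checked box but applies 21 requirement/characteristic pairs the matrix never asked for, which is the cost the text warns about; the partial plan leaves four checked boxes uncovered.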




[Security and Authentication Requirements Matrix: table printed sideways. Rows are the application characteristics; columns are the security requirements at the Network, Document and Application levels. Cell contents are illegible in the scan.]


Appendix  A:  Online  Government  Task  Force  Mission 


Online  Government  Task  Force 

1.  Introduction 

The Chief Information Officer has established the Online Government Task Force to
chart the immediate future course of online government in the Commonwealth of
Massachusetts. The Task Force shall report to the CIO on:

a) the Commonwealth's operational needs for online government functions;

b) the legal and policy requirements for such functions, with particular emphasis on
the need for authentication, integrity, confidentiality, and non-repudiability;

c) currently available and near-term technologies performing such functions;

d) central services that could promote the growth of online government;

e) the state of current technical and legal efforts in the Commonwealth, other states,
the federal government, and other countries;

f) specific technical and legal information that could support agencies that are
implementing or evaluating online government functions;

g) suitable candidates for pilot projects for evaluating online government solutions.

2. Operational Needs for Online Government

The Task Force should explicitly identify the Commonwealth's range of operations
that could be performed better or more efficiently using online technologies. The
Task Force should identify online government projects that are being implemented
now and are planned or desired in the short term by agencies. The Task Force should
identify and categorize the types of government functions that are ripe for networked
automation. The scope should extend to both Internet and Intranet communications.

3. Legal and Policy Requirements for Online Government

The Task Force should identify and categorize the functionality needed for online
government functions to comply with business, legal, and policy requirements.
Specifically, the Task Force should evaluate requirements for authenticity, integrity,
confidentiality, and non-repudiability of network communications, with particular
emphasis on the suitability of PKI technologies.

4. Current Technology

The Task Force should assess the current and near-term state of the technology
available to meet the business, legal, and policy needs of the Commonwealth. This
includes testing or demonstrating relevant technology. This effort should result in a
narrative and/or a matrix that represents a thorough evaluation of current offerings by
PKI and other vendors, as well as an assessment of the strengths and weaknesses of
these solutions.

5. Central Services for Promoting Online Government

Given the business, legal, and policy requirements, and the technologies available to
meet them, the Task Force should identify key central services, particularly PKI
services, that would promote the use of online technologies by state agencies.




6.  Standards  and  Guidance  for  Agencies 

The Task Force should develop specific standards and guidance for agencies that
wish to implement online government solutions. The emphasis should be on concrete,
practical advice that can materially assist agencies that have advanced to the point of
implementing an online government operation. In addition to this specific guidance,
the Task Force should also develop information and advice for agencies that wish to
evaluate the benefits of online technologies. This and/or
other material should also serve to give agency management the information they
need to appreciate and support online technologies.

7. Pilot Projects

As a result of identifying business needs, legal and policy requirements, available
technologies, and the appropriate central role for the state, the Task Force should
propose suitable candidates for pilot projects for evaluating online government
solutions.

8. Members of the PKI Task Force

Membership in the task force is open to any public entity in the Commonwealth.
Anyone interested in joining the task force or receiving more information should
contact Dan Greenwood at dgreenwood@state.ma.us or 617.973.0071.




Appendix B: Agency Project Survey Form and Results


The  Commonwealth  of  Massachusetts 
Executive  Office  for  Administration  and  Finance 
Information  Technology  Division 


One  Ashburton  Place   •  Room  801   •   Boston   •   Massachusetts  •  02108 


Telephone: (617) 973-0762
Facsimile: (617) 727-3766

ARGEO PAUL CELLUCCI, GOVERNOR
CHARLES D. BAKER, SECRETARY
T. LOUIS GUTIERREZ, CHIEF INFORMATION OFFICER


August  25,  1997 


TO: Cabinet Secretaries
Agency Heads
System Directors

I have convened an "Online Government Task Force" to explore and report on current and
recommended uses of electronic commerce technologies and practices for the Commonwealth. I am
especially interested in assisting agencies to use the Internet for state business transactions. Such
initiatives may be as simple as enabling citizens to query public information at your agency over the
Internet, or as bottom-line oriented as setting up secure online filings and payments. The aim is to
deploy public network technologies to reduce costs and enhance service quality to citizens and
businesses that interact with us.

The Task Force is paying particular attention to the legal and technical requirements for information
security. It is important to the statewide planning effort that the appropriate person(s) at your agency
completes the attached survey for each electronic commerce project you may have underway or planned.
Because of our concern that constituents and state business partners not find themselves faced with
incompatible or fragmented technologies as agencies begin to bring their business online, agency
participation in this survey is essential to having executive branch agency initiatives endorsed and
supported in the statewide online government plan.

The Information Technology Division will be allocating some of its MAGNet information technology
investment funds in FY98 to assist selected agencies in implementing projects identified through this
survey, in the form of matching funds.

Your staff may submit the attached survey, or complete the survey online at
http://www.state.ma.us/itd/ogtf.htm. If you have any questions about the survey or the Task Force,
please contact Dan Greenwood by telephone at (617) 973-0071 or by sending e-mail to
Dan.Greenwood@state.ma.us.

Thank you very much for your assistance with this exciting and important endeavor.

Sincerely,


T. Louis Gutierrez
Chief Information Officer




Online  Government  Task  Force  Project  Survey 

Agency:  

Name  of  project:  

Brief description:

Contact name:   telephone:   e-mail:

1. This project will be based on:

   O an existing (or "legacy") system with few or no changes
or O a replacement for an existing system
or O a completely new system

2. Users will be accessing the system (select all that apply):

   □ from within the state/agency network (MAGNet)
   □ from within a state network external to MAGNet
   □ from the Internet

3. Users of this system are:

   O not known in advance
or O of a known community (select all that apply):
      □ state field workers
      □ state regional offices
      □ contracted providers
      □ regulated businesses or professionals
      □ Massachusetts local governments
      □ other governments (federal, other states, etc.)
or O pre-identified through some other process- please describe:

4. Users will be able to (select all that apply):

   □ query (search) a database
   □ update a database (submit information)
   □ pay fees- required
   □ pay fees- optional
   □ other- please describe:

5. Verifying the identity of the user ("authentication") is:

   O not required.
or O required, with a O high, O medium, or O low degree of certainty.

   How is identity established in your current system?

6. Will statutory or regulatory changes be needed for this project? O yes O no

7. O Communications do not need to be secured.
or O Communications need to be secured:
      □ to ensure privacy or confidentiality
      □ for non-repudiation (proof that a particular person sent particular data)
      □ for access control (authenticate users and what they can do)

8. At what stage is this project:

   O being conceptualized
or O concept accepted, being designed or planned
or O funding and resources identified/committed
or O work is being done!

This survey can be completed online at http://www.state.ma.us/itd/ogtf.htm, or send paper to: Dan
Greenwood, Information Technology Division, rm. 801, One Ashburton Place, Boston, MA 02108




0) 
0) 


3 

u 

(0 


aBejs 


|oj;uoo  ssaoov 


uoiiejpnda^ 
-uoN 


uo!)e3!)U9mnv 


CD 

o 


Q. 

<D 
O 

c 

o 
O 


O) 

c 

CP 

o 


o 

T3 


O 

c 
o 
O 


c 


c 
o 

T3 


Q. 

O 
C 

o 
O 


o 
sz 
o 
O 


(1) 
O 

o 
O 


Q- 
<U 
O 

c 
o 
O 


Q. 

o 
c 
o 

o 


■D 

to  OJ 


3 

(O 

LU 
OH 

>■ 
LU 
> 

Z) 
CO 

I- 
o 

LU 
-J 

o 

Q. 

>- 

o 
z 

LU 
< 


c 
o 

u 
c 

3 


>  o 


c 

o 

CO  Q) 


LU  .9 

"to 

E  M 

CO  ro 


ajBpdn 


Ajano 


(A 
(A 

u 

U 
< 

0) 
M 
3 


dmsuojieia^ 
pue  sjasfi 


.  -  >^ 

^  TO 
o 

ro  E 

c 
5 
o 
c 


0) 

> 
o 

Il 

O  q3 


T3    .  . 

"to 

^  Q- 


o  O 
T3  0) 


(/) 

O  QJ 
■  :  T) 

8,™ 


o 

ry>  in  c 

0)  >-  > 

fl)  > 


1  = 

o 


CO  J2 


o  c 


c 

(/)  o 

1  ^i: 


I/) 

-  ^  2- 
§  2  o 

T3   O  3 

q3  "  ^ 


CO  o 


(0 

ir 
a3 

o  ^ 

05  O 

T3  C 

0)  o 


CC  CL 


CD 

■R 

0) 

c 

o 

is: 

OJ 

c 
o 

1/5 
(/5 
O) 

o 


CD 
Q.  OA 


0} 

(D 
Q. 

X 

(15  Q. 

£ 

TO  0) 

05  -« 


19N9VIAI  ap!SU| 


)auja)U| 


LuaisAs 
paseg  A3e6a~| 


u 

9) 

'o 

Q. 

■o 


>« 
u 
c 

0) 
O) 

< 


(A 

c 
_o 

'■*-» 

ra 

O) 

*■«-» 

(A 
> 

£  E 

—  0 

.2  -K 
o  >-4 
0)  CO 

^-^ 

o 

O  -CD 
3  TO| 

ro  -= 

0)  W5 

ll  05 

3  > 

CQ  S 


o 

Q. 

nj  i/5 

Q.U. 

E 

O 
O  O 


OJ  ^ 

£  >  CD 

O  0)  o 

(J  WD  CL 


o 

05^ 
O 

.  .  Q. 
!l  (D 

o  w 
o  ^ 

O 

4->  0) 

C  <n 
O  05 

E 


■D 

re  c 
.E  E 

Q. 
O 


O  m 


E 

05 

"to 

>^ 

CO 
"c 

05 

E 

05 
TO 
CD 
C 
CD 


Si 


0) 


0)  b 
Q  E 


^  =  ^  - 
™  c  c  u- 
°  -  O 


<u  

Q  CJ  O 


>  05 
*-  05 

o  ct 
^  E  .2 

t     I'  m 

re  LU  ^ 

Q)  (D  05 
Q  h-  > 


0)  C 

O  05 
^  05 


I  2  - 

Q.  05 

0)  o  V. 

Q  O  LU 


Q.  (/5 
Q)  3 

Q  O 


LLI 


(U  0) 

s:  § 

0)  I— 

0^  05 
X-  -D 

O  c 

C  LL 

%  y 

E  c 

•C  o 
re 

Q.  <-> 

O  LU 


i/J 
in 

05 

■o 

T3 

< 

"o 

05 
TO 


^  -i — 

^  E  05 

CD   -f  >, 

^-^  m 

—  S  Q- 

Q.  0)  re 

<|0  I- 


c 

XI 

I  § 


^  <u 


Q. 

o 
c 
o 
O 


a. 

o 
tz 
o 
O 


■D 

0) 
0) 


3 
U 
9) 


|oj)uoo  ssaoov 


uo!)e!pnda^ 
-uoN 


uojieojiuamnv 


C 

o 

u 

c 

3 


a. 

CD 

E 

■D 

(U 

c 

—  T3 


o 

I  I 

CD  £ 
O  Q-g 


01  in 

O)  to 

(1)  CD 

Q::  o 


o  c: 


bay-seej  Aed 


ajepdn 


Ajano 


(A 
(A 
0) 
O 
O 
< 

0) 
(A 
3 


dmsuo!)e|a^ 
pue  sjdsn 


(D 
Q. 

"(D 
C 

q3 
■R 

c 

o 
c 


—  (/) 

cu  o 

a. 'I' 

c  £ 

QJ  O 

E  CD 

QJ  > 

1  s 

^  0) 


■D 

QJ 
(/) 
C 
QJ 
O 

^  1 

o  o 
c 

QJ 

o  2 
-fc  o 


s  2 


x> 
n 
a. 

(^1 


CD  QJ 

I  E 

O  Q. 

CD  o 
O 

OJ  (/) 

QJ  (/) 
QJ 

QJ  C 

CO  XI 


c   

Q)  CD 


QJ  -t? 

^  QJ 

QJ  T3 

O  C 

□  ro 

"O  CD 

CD 


CD 
0 
QJ 

c 
o 

a 

CD 
C 

QJ 
QJ 


XI 
ZJ 


Q.(D 


QJ 

■o 

5  > 

(/)  -e 

-O  CD 

OJ  CL 

QJ  Id 

^  "^^ 

CC  QJ 


c 

If) 

QJ 

o 

> 

c 

CD 
Q. 

o 

ical 

ces 

rnal 

s.  Lo 

servi 

exte 

Mas 

ncy 

and 

</) 

QJ 
DJ 

CD 

QJ 

a 

O 

V*— 

nne 

QJ 

o 

QJ 

2  55 
O  £ 
OJ  o 

0  - 

1-  (/) 

CD  O 

175  _^ 

CD 

o 
o 


^  —I 

O 

^  !5 

_,  CD 
QJ 

QJ  QJ 
CD 

CO  o 


O  CD 
C  Q-l 

w  E 
o  ^ 

O)  QJ 


J2 


laNOVlAI  9P!SU| 


iauja)U| 


LuajsAs 
paseg  A3e5a~| 


S 

Q. 

■o 

C 
10 

>. 
o 
c 

0) 

< 


i2  5 

c  c 

ra  — 

CD  T3 

O  CD 

O  c 

w  OJ 


Q  < 


X 
QJ 

.  .  Xl 

W  £ 

il 

UJ  O 


OJ  JS  QJ 
X  !C  *i 
UJ  <  ^ 


fl)  _ 
W 

O  <D 

O  c 

<u  ° 

o  ^ 

£  i/j 

O 

>  CD  .2 

••5  w 

(U  XJ  o 

X  n 

UJ  Q.  S 


•a  = 
0?  re 


w"  E 

.SJ  c  , 

OJ 

■S  >  o 

.i2  c  Q. 

Li.  UJ  CO 


CD 
QJ 

c 

QJ 
O 

O  S 

  X 

«  (J 

0)  to 
C 

0)  CD 


XI 
QJ 

o  r 

0  QJ 

^§ 
1 1 

E  2 

1  - 

O  QJ 

O  5 
X  CO 


0).E 
0)  _ 
=  CD 

O  c 

^  QJ 

•E 

D  O 


C  VJ 

O  o 

U  o 

O  OJ 
>>T3 

0  2 

1  CO 


c 

QJ 

E 

.  .  Q) 
>>  OJ 
(T5  CD 

l| 

5  c 


[Table, printed rotated in the original; the individual Yes/No cell values could not be recovered from the scan.]

Column headings: Agency and Project; Legacy Based System; Internet; Inside MAGNet; Users and Relationship; User Access (Query, Update, Pay fees); Functionality; Security Need (Authentication, Non-Repudiation, Access Control); Work being done (Concept, Design).

Agency and Project entries, in the order scanned:

Operational Services Division: Comm-Pass
Registry of Motor Vehicles: Express Lane
Secretary of State: Voter Information
Worcester State College: Colleague INTERNET Access

Users and Relationship entries, in the order scanned:

All Prospective Bidders; public agencies, general public. Unknown external party
General public. Unknown external party
General public. Unknown external party
General public. Unknown external party

Functionality entry recovered: Issues a confirmation of your order.

Appendix  C:  Request  for  Information 

Request  for  Information 

Secure  Online  Transactions 

Thursday,  April  24,  1997 

The Commonwealth of Massachusetts, acting through the Online Government Task
Force, is contemplating the release of one or more procurements for electronic
commerce products and/or services. This Request for Information (RFI) is intended
to solicit information that could be useful in drafting subsequent RFRs. This RFI
specifically seeks information on products and/or services that will enable the
Commonwealth of Massachusetts to use the Internet and internal networks for secure
messaging and transactions.


Section  1:  Background 

The  Chief  Information  Officer  for  the  Commonwealth  of  Massachusetts  has 
convened  the  Online  Government  Task  Force  to  chart  the  immediate  future  course  of 
online  government  in  Massachusetts.  The  Task  Force  consists  of  representatives  from 
a  number  of  different  agencies,  departments  and  offices  of  the  Commonwealth.  The 
Task  Force  is  investigating  solutions  that  improve  efficiency  and  service  quality 
using internal and Internet-based electronic communications that possess
authentication (to achieve access control as well as non-repudiation), integrity, and
confidentiality.

The Commonwealth has made information technology (IT) development and
electronic communications a priority, spending approximately $350 million on IT
annually. The Commonwealth seeks to make a large number of routine business
transactions available over the Internet and internal networks, with the intent that
they will be performed for less cost and conducted at a higher quality service level
for citizens, regulated entities, vendors and others. The Commonwealth seeks to
create methods for secure access to a number of business transactions via electronic
media, including licensing, permitting, applications, filings, procurement and a host
of other functions. Internally, the Intranet is being looked at as a potential mechanism
to alleviate the crush of paper associated with a large number of routine state
government functions, including personnel, procurement drafting, and other
collaborative data sharing, work flow or messaging applications.

Today, the Registry of Motor Vehicles (RMV) processes a number of transactions
and accepts credit card payment over the state web site. The RMV transactions assure
the confidentiality of credit card data over the Internet by use of public key
cryptography implemented with the SSL 2 protocol. The Division of Banks (DOB)
has embarked on a pilot project to receive authenticated online filings by banks over
the state web site. The DOB pilot assures the data is confidential and the identity of
the filing bank and individual filer is authenticated by use of public key cryptography
implemented with the SSL 3 protocol. The banks participating in the DOB pilot are
issued standard X.509v3 digital certificates associated with the bank public key.

While the Task Force is interested in all relevant replies to this request for
information, responses that propose cost effective and currently available methods to
assure non-repudiation are of particular interest. Non-repudiation means a method to
prevent or sufficiently rebut subsequent denial of transmittal or receipt of a given
message or participation in a given transaction. In some cases, this non-repudiation
must be capable of tying an individual to a particular piece or set of data at a
particular time. For non-repudiation, mere access control based on an SSL 3
implementation of public key cryptography and digital certificates will not suffice,
unless some additional technique exists to bind the identity of a given party to the
message or transaction engaged in by that party.

Section  2:  Purpose  of  RFI 

The Task Force seeks responses from vendors which offer information about
currently available solutions to any or all of the following business needs and
example applications:

2.1  Internet  access  with  Authentication. 

Such  an  application  would  involve  access  via  the  Internet  to  Commonwealth  data 
located  behind  the  firewall. 

Example: 

Certain companies, for a legitimate business purpose, need to know the driving
records of certain employees. A solution is needed that will allow a pre-selected
group of companies to access employee driver histories and determine driver status
from a state database. Access control is required to allow companies to access only
the driving records of their employees.

General  Considerations: 

Authentication,  in  the  example  above,  is  being  utilized  to  assure  access  control  to 
defined  data  on  the  network.  Assuming  the  data  is  being  viewed  with  a  web  browser, 
then  some  provision  may  also  be  required  to  assure  the  data  remains  confidential  and 
has  not  been  altered  while  in  transit  over  the  Internet. 

2.2  Internet-based  data  submission  with  non-persistent  connection. 

Such  an  application  would  involve  access  via  the  Internet  to  a  Commonwealth 
database  behind  the  firewall  for  the  purpose  of  submitting  information. 

Example  1: 

For the purpose of posting requests for response as part of a procurement, certain
users would be allowed access to a state procurement services database, provided
authentication and non-repudiation is available for each submission.




Example  2: 

For the purpose of applying for a professional or commercial license renewal, certain
users would be allowed access to a state license database, where the application form
would be electronically delivered. As in the previous example, non-repudiation is
required to prevent the applicant from denying information submitted in the
application and to provide proof that the state received a particular application.

General  Considerations: 

The  posting  of  bids  in  response  to  a  procurement  and  the  submission  of  a  license 
application  raise  a  number  of  issues  that  are  unique  to  those  processes.  The 
Commonwealth  will  be  performing  a  number  of  other  transactions  as  well,  including 
grant  applications,  online  permitting  and  various  filings  with  state  agencies.  The 
Commonwealth will pursue some transactions under this category (Internet-based
data submission with non-persistent connection) that will not require
non-repudiation. Some of these transactions would require only front-end authentication
for access control; other transactions would not require authentication of the identity
of the person submitting data for either access control or non-repudiation. However,
the  Task  Force  is  particularly  interested  in  information  relating  to  non-repudiation. 

2.3  Internet-based  data  exchange  with  persistent  connection. 

Such an application would involve access via the Internet to an online application
located behind the firewall such that the user would be authenticated once, and the
system would maintain the identity of the user in all portions of the application
throughout the duration of the session.

Example: 

For  the  purpose  of  negotiating  and  crafting  contract  agreements,  both  state  users  and 
non-governmental  users  would  be  allowed  access  to  a  common  document 
management  and  electronic  workflow  application,  with  all  users  considered 
"members"  of  the  workflow  and  able  to  perform  tasks  in  the  workflow.  The 
application front-end allows users to submit documents, edit documents and query
databases behind the firewall.

Section  3:  Environment 

The following diagram describes the Commonwealth's current and near-term
computing and communications environment. See Attachment 1.


Section  4:  Other  Considerations 

Interested vendors may provide information regarding products, services and/or
integrated solutions that address either some or all of the above-mentioned business
needs. The purpose of this RFI is to provide the Commonwealth with information
that could be useful in developing one or more RFRs for secure online transactions
and messaging. Please feel free to respond to any specific questions in this RFI or to
offer any other information that you feel could be useful to the Commonwealth in
making decisions about an RFR. In addition to the questions raised in the previous
sections, the Commonwealth is interested in information on the following.

4.1 Identify and describe all software or hardware required on a client workstation for the
proposed product/service/solution.

4.2 Identify and describe any back-end software or hardware required of the proposed
product/service/solution.

4.3 Describe how your product/service/solution scales to the enterprise.

4.4 What are the short, mid and long term electronic records archival ramifications of the
proposed product/service/solution, including suitability for audit and admissibility in
evidence in a court?

4.5 How is the product/service/solution compliant with the provisions of the Americans with
Disabilities Act?

4.6 How is the product/service/solution Year 2000 compliant?

4.7 What, if any, privacy concerns are raised by the authentication techniques proposed and how
are those concerns addressed?

4.8 Does the proposed product/service/solution offer any online payment capabilities? Please
describe.

4.9 Describe any current implementations of your product/service/solution and note any
business partners involved with that implementation.

4.10 Provide information about your company and its history.

4.11 Provide cost information about the proposed product/service/solution.


Section  5:  Procedural  Information 

This RFI is not an offer or solicitation and does not obligate or bind the
Commonwealth to procure any goods or services as a consequence. Responses to this
RFI do not constitute bids or proposals and are not legally binding on the responding
party. Respondents may not charge ITD or the Commonwealth of Massachusetts for
any costs associated with the preparation of responses to this RFI. This RFI is being
released on Commonwealth's Procurement Access and Solicitation System
(Comm-PASS). A copy of this RFI is also available at ITD's legal department web site at
<http://www.state.ma.us/itd/legal>. The schedule of events for this RFI, subject to
amendment, is:

Thursday, April 24, 1997: RFI released on Comm-PASS

Friday, May 2, 1997: Informational session

Monday, May 12, 1997: Responses due




The informational session will be held at One Ashburton Place, Room 801, Boston,
MA 02108 from 10:00 am to 11:00 am. Please inform the chairman of the
procurement management team (preferably by e-mail) if you will attend the session
so that adequate seating can be made available. Organizations or individuals
responding to this RFI should submit ten copies of their response in writing,
accompanied by any attachments, exhibits or software, to the chairman of the
procurement management team by 5:00 pm on Monday, May 12, 1997. Responses
must also be submitted via e-mail or on floppy disk in Word for Windows,
WordPerfect format, or as a Text-Only document. The chairman of the procurement
management team is:

Dan  Greenwood,  Deputy  General  Counsel,  Information  Technology  Division 

Online  Government  Task  Force,  Team  Leader 

One  Ashburton  Place,  Room  801 

Boston,  MA  02108 

617.973.0071 

<dgreenwood@state.ma.us>




Appendix  D:  Electronic  Authentication  Primer 
PKI  and  Other  Authentication  Technology 

There are many ways to create an electronic signature. These can range from simple methods,
such as typing a name at the bottom of an e-mail message, to more complex and secure
methods involving biometric technologies, such as fingerprint or retinal scans. Other types of
authentication methods that are used to create electronic signatures include the use of
magnetic stripe cards and PIN numbers, user names and passwords, public key cryptography,
writing tablets with electronic pens, or even smart cards that generate a unique access code
every few seconds. As technology advances, the list of viable alternatives is certain to grow.

Because there are so many ways to create an electronic signature, and because many of them
do not resemble a holographic "autograph," many law reform efforts have adopted the term
"authentication" rather than "signature." For example, the current drafts of Uniform
Commercial Code Articles 2 and 2B eliminate the term "sign" and instead allow the
authenticity of documents to be proven in any reasonable manner.[1] These drafts also clarify
that assent may be manifested through any form of authentication, including proof of the
authentication process itself.[2]

One of the most interesting and robust technologies being used and developed for
authentication purposes is known as public key cryptography, which allows for a very high
degree of reliability when implemented properly. A "digital signature" does not refer to the
image of a signature in any way. Unlike an "electronic signature," which is simply any symbol
or process intended to be a signature, and a "digitized signature," which refers to an electronic
image of a signature, a "digital signature" is actually a term of art that refers to the scrambling
of data in order to provide security and authentication. While the technical details of public
key cryptography are extremely complex and have limited utility to a broader audience, an
understanding of the basic concepts is both accessible and useful. Due to the current interest
in deploying large-scale public key systems, it is likely that this technology will touch many
areas of the economy. In fact, the growth of public key systems in many sectors of the
economy suggests that a rudimentary knowledge of these concepts will serve lawyers well
when legal questions arise as a result of this technology.

The  Basics  of  Public  Key  Cryptography 

Codes and cryptography are thousands of years old. Although cryptography became much
more sophisticated in modern times, it still relied on both the sender and the receiver knowing
the same "secret key" to encode and then decode messages. To be secure, a secret key coding
system requires some method for distributing the secret key to intended users without it
falling into the hands of other parties.

[1] According to the UCC March 21, 1997 Draft 2B-102(a)(2) and the UCC May 16, 1997 Draft
2-102(a)(1) "'Authenticate' means to sign or to execute or adopt a symbol, including a digital signal and
identifier, or to do an act that to encrypt a record or an electronic message in whole or in part, with
present intent to adopt, establish the authenticity of, or signify a party's acceptance and adoption of, a
record or term that contains the authentication or to which a record containing the authentication refers."
Under Reporter's Note 2 of the same section it is explained that "This article replaces the traditional idea
of "signature" or "signed" with a term that incorporates modern electronic systems, including all forms
of encryption or digital symbol systems. Substantive rules on proof of authentication are in Section
2B-[114]. Basically, the fact of authentication can be proved in any manner including proof of a process that
necessarily resulted in authentication. Use of an "attribution procedure" agreed to by the parties per se
establishes that a symbol or act constitutes an authentication."

[2] See UCC March 21, 1997 Draft 2B-112, 2B-114(b): "A record or message is authenticated as a matter
of law if the symbol executed or adopted by a party complies with an attribution procedure for
authentication agreed to or adopted by the parties. Otherwise, authentication may be proven in any
manner, including by showing that a procedure existed by which a party necessarily must have executed
or adopted a symbol in order to proceed further in the use or processing of the information."

The basic nature of the Internet makes it poorly suited for a secret key system because it is an
"open" network in which messages may make several "stops" before arriving at their final
destination. This creates a serious risk that a third party could intercept a secret key at some
point along its routing, which would allow him to read encoded messages or even send coded
messages purporting to be from an authorized holder of the secret key. Physically delivering a
secret key to every user by secure channels would be slow, expensive, unwieldy, and would
effectively rule out serendipitous or one-time transactions between people and firms that have
not previously exchanged secret keys.

Public key cryptography eliminates the need for users to share a secret key, which makes it
ideally suited for communications over "open" networks such as the Internet. While the
following illustration describes a complex process, the hardware and software that
implements this technology will shield the end user from these details; end users will find no
need to concern themselves with the complicated background operations that make the system
possible.

With a public key system, each user will have software that will generate two related keys
known as the public key and the private key. The fundamental characteristic of these key pairs
is that the public key, and only that public key, can decrypt a message encrypted with its
corresponding private key. Similarly, the private key, and only that private key, can decrypt a
message encrypted with its corresponding public key. As such, these key pairs are analogous
to secret decoder rings from a box of cereal, where each ring fits into its companion ring and
no other.[3]

Once Bob, a user, has generated his public/private key pair with a computer, he keeps his
private key very secure (protected by a password on his computer or, preferably, a smart card
locked in a safe) but he makes his public key freely available by sending it to people or by
posting it to a public key directory on the Internet. Then, if Alice, another user, wants to send
Bob a private message she can obtain Bob's public key and use it to encrypt the message.
Since only Bob's private key can decrypt a message that has been encrypted with his public
key, both Alice and Bob can be sure that only Bob can read the message. Thus, public key
cryptography allows two people to send secure messages without the need to exchange a
secret key through a secure channel. Only Bob's public key needs to be shared in order for
Bob to receive completely secure messages.

This unique characteristic of public key cryptography also forms the basis for secure digital
signatures. This process is illustrated in the diagram below. In order to generate a digital
signature, Bob must first have a message (1) that he wants to sign and send to Alice. The
message could be as simple as an e-mail message or as complicated as a lengthy contract. Bob
would then run his communication to Alice through one of several standard algorithms known
as hash functions (2) that performs a series of mathematical operations on the original
message. The hash function produces a number called a message digest (3), which can be
thought of as a fingerprint of the message, because any change in the message, no matter how
slight, will cause the hash function to produce a completely different message digest. Bob
then encrypts the message digest with his private key (4). The message digest encrypted with
Bob's private key forms the actual digital signature for the message.[4] Finally, Bob transmits
both the digital signature and his original message to Alice (5). If Bob also wants to keep his
message to Alice confidential, he could encrypt the message using Alice's public key (not
shown).

[3] The math underlying public key cryptography is rather esoteric and is beyond the scope of this paper.
In short, public key cryptography is based on the fact that the only way to factor a large prime product (a
very large number derived by multiplying two large prime numbers) is by having a computer calculate
every possible combination of numbers in order to find the two component numbers. If the component
numbers are large enough, solving the equation becomes "computationally intractable." The current
generation of public key cryptosystems uses numbers so large that it would take extremely powerful
computers years, and millions of dollars, to crack a single public/private key pair.


[Diagram: Bob's Message ("Buy 500 shares of Acme") passes through the Hash Function to give the
Message Digest, which is encrypted with Bob's Private Key to give the Digital Signature. The Digital
Signature and the Message are Sent to Alice. The message itself may or may not be encrypted for
confidentiality; in this example it is not.]


Upon receipt, Alice's computer and software would perform two separate operations to verify
Bob's identity and to determine if the message had been altered in transit. As a practical
matter it is not important which operation is performed first.[5] To verify Bob's identity, Alice's
system would take Bob's digital signature (1) and then use Bob's public key (2) to decrypt the
digital signature, which will produce the message digest (3). If this operation is successful,
Alice knows for a fact that Bob, who alone has access to his private key, must have sent the
message.


In order to ensure that Bob's message had not been altered in transit, Alice would run Bob's
message (4) through the same hash function (5) that Bob used, which would yield a message
digest of Bob's message (6). Alice would then compare the two message digests (7), and if
they were the same she would know for a fact that the message had not been altered in transit.


[4] The digital signature is created through two distinct steps: First, the message digest, created through
the use of a hash function, ensures the integrity of the content of the intended communication. Second,
the use of the private key to encrypt the message digest authenticates the identity of the person sending
the message.

[5] The two operations are performed upon separate documents: one upon the digital signature, an
encrypted message digest, and the other upon the message itself. Although the results of both operations
are compared against each other to obtain a true verification, it is irrelevant which operation is
performed first.


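[Diagram: From Bob, Alice receives the Digital Signature and the Message ("Buy 500 shares of Acme").
The Digital Signature is decrypted with Bob's Public Key to give a Message Digest; the Message is run
through the Hash Function to give a second Message Digest; the two results are compared.]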


Thus, public key cryptography allows people and businesses to exchange messages over open
networks with a high degree of confidence that those messages are confidential (unable to be
read by unauthorized persons), authentic (sender's identity can be verified), and accurate (the
message can not be altered without detection). This is a level of security far greater than that
afforded by ink signatures. This technology can enable the use of online systems to send and
receive tax returns, purchase orders, mortgage applications, credit card orders, and any other
type of sensitive or official information with greater security than if the transactions were
conducted on paper.


However, nothing said so far would rule out the possibility that an impostor could generate a
public/private key pair and then post the public key on the Internet claiming it belongs to Bob.
Unaware of the deception, Alice might then use this public key to send messages that the
impostor, but not Bob, could read. The impostor could also use the fake private key to
digitally sign messages that Alice would assume Bob sent because they can be decoded using
the public key which Alice does not yet realize is fraudulent. In order to prevent this, parties
relying on digital signatures must have confidence that the public key on the Internet that
purports to belong to Bob is, in fact, owned by him. This function is performed by a trusted
third party known as a certification authority (CA), which binds the identity of a particular
party to a particular public key and, by implication, a particular private key.

CAs do this by issuing a digital certificate. A digital certificate is a small electronic record
that (i) identifies the CA issuing it, (ii) identifies the subscriber, (iii) contains the subscriber's
public key, and (iv) is digitally signed with the CA's private key. The digital certificate can
also contain additional information, including a reliance limit or a reference to the CA's
"certification practice statement" that gives relying parties notice of the level of inquiry
conducted by the CA before issuing the certificate.

To obtain a digital certificate, Bob would present the CA with a copy of his public key along
with sufficient proof of his identity. For digital certificates that could be used for larger
transactions, the CA might charge a higher fee and require greater proof of identity. Once
satisfied as to the identity of the subscriber, the CA would issue the subscriber a digital
certificate. When Bob wants to use his digital signature, he would also transmit a copy of his
digital certificate to Alice. In addition to the steps described above, upon receipt of Bob's
message Alice's computer would also confirm with the CA identified in the digital certificate
that Bob is who he purports to be and that his certificate has not expired or been revoked. If
Bob learns or fears that his private key has been compromised, he would notify his CA of this
fact so that it could post that information to its "certificate revocation list." All of this activity
would take place in the background, unseen and unnoticed by Alice, and would happen in
much the same way as it occurs with online credit card validation systems.
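The signing and verification steps described above, together with the certificate, expiry and revocation checks performed by Alice's software, as an added example in Python that is not part of the original report. It uses textbook RSA exactly as the primer describes it (the message digest raised to the private exponent); deployed systems also pad the digest and use randomly generated secret primes. The fixed Mersenne-prime keys, the CA name "Example CA", the serial numbers and the dates are constructed for illustration.

```python
import hashlib
import json
from dataclasses import dataclass, replace
from datetime import date

E = 65537  # public exponent shared by all demo keys


def make_keypair(p_exp, q_exp):
    """Constructed demo key built from two Mersenne primes.
    These primes are public knowledge, so the keys give NO security."""
    p, q = 2**p_exp - 1, 2**q_exp - 1
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))   # private exponent
    return (n, E), (n, d)               # (public key, private key)


def digest(data):
    """Hash function -> message digest, returned as an integer."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data, private_key):
    """Bob: 'encrypt' the message digest with the private key (textbook RSA)."""
    n, d = private_key
    return pow(digest(data), d, n)


def verify(data, signature, public_key):
    """Alice: recover the digest from the signature, hash the message, compare."""
    n, e = public_key
    return 0 <= signature < n and pow(signature, e, n) == digest(data)


@dataclass(frozen=True)
class Certificate:
    issuer: str            # (i) the CA issuing it
    subscriber: str        # (ii) the subscriber
    public_key: tuple      # (iii) the subscriber's public key
    serial: int
    not_after: date
    ca_signature: int = 0  # (iv) the CA's digital signature over the fields above

    def signed_fields(self):
        n, e = self.public_key
        return json.dumps([self.issuer, self.subscriber, n, e,
                           self.serial, self.not_after.isoformat()]).encode()


def issue(ca_name, ca_private, subscriber, public_key, serial, not_after):
    cert = Certificate(ca_name, subscriber, public_key, serial, not_after)
    return replace(cert, ca_signature=sign(cert.signed_fields(), ca_private))


def check_message(message, signature, cert, sender, trusted_cas, revoked, today):
    """Alice's checks, in order; returns 'ok' or the reason for rejection."""
    ca_public = trusted_cas.get(cert.issuer)
    if ca_public is None or not verify(cert.signed_fields(), cert.ca_signature, ca_public):
        return "certificate not signed by a trusted CA"
    if cert.subscriber != sender:
        return "certificate names a different subscriber"
    if today > cert.not_after:
        return "certificate expired"
    if cert.serial in revoked:
        return "certificate revoked"
    if not verify(message, signature, cert.public_key):
        return "signature does not match message"
    return "ok"


def demo():
    ca_pub, ca_priv = make_keypair(521, 607)
    bob_pub, bob_priv = make_keypair(127, 521)
    imp_pub, imp_priv = make_keypair(127, 607)   # key pair generated by an impostor
    trusted = {"Example CA": ca_pub}
    today, expiry = date(1998, 3, 18), date(1999, 1, 1)

    bob_cert = issue("Example CA", ca_priv, "Bob", bob_pub, 1001, expiry)
    msg = b"Buy 500 shares of Acme"
    sig = sign(msg, bob_priv)
    # The impostor does not hold the CA's private key, so this certificate is self-made.
    fake_cert = issue("Example CA", imp_priv, "Bob", imp_pub, 1002, expiry)

    return {
        "genuine": check_message(msg, sig, bob_cert, "Bob", trusted, set(), today),
        "altered": check_message(b"Buy 900 shares of Acme", sig, bob_cert, "Bob",
                                 trusted, set(), today),
        "impostor": check_message(msg, sign(msg, imp_priv), fake_cert, "Bob",
                                  trusted, set(), today),
        "revoked": check_message(msg, sig, bob_cert, "Bob", trusted, {1001}, today),
        "expired": check_message(msg, sig, bob_cert, "Bob", trusted, set(),
                                 date(1999, 6, 1)),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:9} -> {result}")
```

Because the signature is computed over the message itself, the "altered" case fails even though the certificate is valid, which is the binding of identity to a particular message that access control at the connection level does not provide.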

One of the major unanswered questions about the use of public key cryptography for digital
signatures, and a major point of contention between advocates of different types of electronic
signature laws, relates to the business model for CA services that will ultimately prevail in the
marketplace. A Public Key Infrastructure (PKI) will need to evolve to support use of this
technology. While advances in technology will certainly create new possibilities not
presently contemplated, the two primary business models currently vying for support are
known as the "open PKI" and "closed PKI" models.

An open PKI model assumes that subscribers will obtain a digital certificate from a CA that
will securely link their identity to their public key for all, or at least many, purposes. Thus, in
an open PKI environment a person could obtain a digital certificate and then use it to order
goods online from various merchants, sign legally binding agreements, or even file documents
with a government entity. Subscribers could use their certificate for any transaction requiring
a digital signature. In the closed PKI model, users would obtain a different digital certificate
for each community of interests with which they interact online. For example, a user could
have one certificate for transactions with their bank, a different certificate for communications
with their employer, and yet another certificate for dealings with their health care provider.

The difference between the two models is significant. Under an open PKI model, a person's
certificate could potentially be used to sign any document, which makes the consequences
extremely severe if the user's private key is compromised. In a closed PKI, on the other hand,
the risks to the user and the CA from an improperly signed document are more limited due to
the system's more narrowly defined scope. Furthermore, the members of a particular
community within a closed PKI system may enter into agreements that define the rights and
responsibilities of the members, which would further reduce the risks and uncertainty in such
a system.


Emerging PKI Standards

Secure Electronic Transactions (SET) is an online payment standard for credit cards. It
involves the use of X.509 certificates. This standard is not widely used at this time. Other
payment methods include the Cybercash method, E-Check and Millicent.

The Secure Multipurpose Internet Mail Extensions (S/MIME) standard allows e-mail to be
digitally signed and sent with an associated public key certificate. S/MIME now comes
standard with Netscape Communicator. Secure Sockets Layer (SSL) comes in two varieties:
version 2 and version 3. Version 2 enables point to point encryption between a browser and a
server. This accomplishes message confidentiality while the data is in transit over the Internet.
Version 3 also allows for the exchange of certificates between the browser and server and
permits authentication based on the information contained in those certificates. SSL2 is
widely used and SSL3 is becoming more popular. Secure Hyper Text Transfer Protocol
(S/HTTP) is an http level hashed, secured and sent with the respective public key certificate.
This allows for any data that flows between a browser and a web server to be authenticated
and confidential. There are many other relevant standards, but these are the ones the
Commonwealth has dealt with more frequently.


° The acronym PKI stands for Public Key Infrastructure, reflecting the fact that the use of digital
signatures based on public key cryptography requires an elaborate infrastructure (technical, business,
policy, and legal) to support their use.




Non-PKI  Technology:  The  Importance  of  Maintaining  Options 

As mentioned earlier, a number of other technologies exist to achieve electronic
authentication. One very important technology is known as Signature Dynamics. It is a
mechanism for the secure capture, management and verification of handwritten signatures by
electronic means.

PenOp was the only company to reply to the Task Force Request for Information to the
vendor community that implements Signature Dynamics. PenOp captures signatures simply
and reliably, and enables them to be securely stored and safely transported between different
systems. For evidential purposes, PenOp signatures can verify the authenticity of the
transaction on which they were signed; PenOp can also verify the authenticity of the signature
on the document with an accuracy and speed unparalleled in the paper domain. In so doing,
PenOp satisfies regulatory and legal requirements for handwritten signatures.

For the signatory, PenOp's major attraction is the familiarity of submitting their normal
handwritten signature - using a pen. For corporate users, the main benefit is that they can
complete business processes electronically, achieving major cost savings by reducing the need
for paper. It is also worth noting that PenOp removes the need for passwords and PINs,
public/private key pairs or certificates.

The  California  Digital  Signature  Regulations  address  Signature  Dynamics  as  follows: 
California  Administrative  Code  Title  2.  CHAPTER  10. 
Section  22003(b)  List  of  Acceptable  Technologies 

The technology known as "Signature Dynamics" is an acceptable technology for use by public
entities in California, provided that the signature is created consistent with the provisions in
Section 22003(b)(1)-(5).

1. Definitions - For the purposes of Section 22003(b), and unless the context expressly
indicates otherwise:

A. "Handwriting Measurements" means the metrics of the shapes, speeds and/or other
distinguishing features of a signature as the person writes it by hand with a pen or stylus on a
flat surface.

B.  "Signature  Digest"  is  the  resulting  bit-string  produced  when  a  signature  is  tied  to  a 
document  using  Signature  Dynamics. 

C. "Expert" means a person with demonstrable skill and knowledge based on training
and experience who would qualify as an expert pursuant to California Evidence Code §720.

D. "Signature Dynamics" means measuring the way a person writes his or her signature
by hand on a flat surface and binding the measurements to a message through the use of
cryptographic techniques.

2. California Government Code §16.5 requires that a digital signature be unique to the person
using it. A signature digest produced by Signature Dynamics technology may be considered
unique to the person using it, if:

A. The signature digest records the handwriting measurements of the person signing the
document using signature dynamics technology, and

B. the signature digest is cryptographically bound to the handwriting measurements, and




C. after  the  signature  digest  has  been  bound  to  the  handwriting  measurements,  it  is 
computationally  infeasible  to  separate  the  handwriting  measurements  and  bind  them  to  a 
different  signature  digest. 

3.  California  Government  Code  §16.5  requires  that  a  digital  signature  be  capable  of 
verification.  A  signature  digest  produced  by  signature  dynamics  technology  is  capable  of 
verification  if: 

A. the acceptor of the digitally signed message obtains the handwriting measurements for
purposes of comparison, and

B. if signature verification is a required component of a transaction with a public entity,
the handwriting measurements can allow an expert handwriting and document examiner to
assess the authenticity of a signature.

4. California Government Code §16.5 requires that a digital signature remain "under the sole
control of the person using it". A signature digest is under the sole control of the person using
it if:

A. the signature digest captures the handwriting measurements and cryptographically
binds them to the message directed by the signer and to no other message, and

B. the signature digest makes it computationally infeasible for the handwriting
measurements to be bound to any other message.

5. The signature digest produced by signature dynamics technology must be linked to the
message in such a way that if the data in the message are changed, the signature digest is
invalidated.
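
The binding requirements in items 2, 4 and 5 above can be illustrated with a keyed digest. This is an added example, not part of the regulation or of any vendor's product; the HMAC-SHA256 construction, the device key, the function names and the sample pen measurements are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed pen samples (x, y, time in ms, pressure); not real signature data.
MEASUREMENTS = [(10, 20, 0, 0.41), (14, 26, 12, 0.55), (21, 25, 25, 0.60), (30, 18, 41, 0.38)]
# Constructed demo key standing in for a secret held by the capture device (assumption).
DEVICE_KEY = hashlib.sha256(b"constructed demo key").digest()


def encode(measurements, message: bytes) -> bytes:
    """Length-prefix the measurements and append the document hash, so the
    boundary between the two fields cannot be shifted."""
    m = json.dumps([list(s) for s in measurements], separators=(",", ":")).encode()
    return len(m).to_bytes(4, "big") + m + hashlib.sha256(message).digest()


def unkeyed_digest(measurements, message: bytes) -> bytes:
    """Weak variant: a plain hash, which needs no secret to recompute."""
    return hashlib.sha256(encode(measurements, message)).digest()


def verify_unkeyed(measurements, message: bytes, digest: bytes) -> bool:
    return hmac.compare_digest(unkeyed_digest(measurements, message), digest)


def signature_digest(key: bytes, measurements, message: bytes) -> bytes:
    """Keyed variant: HMAC-SHA256 over the measurements and the document hash."""
    return hmac.new(key, encode(measurements, message), hashlib.sha256).digest()


def verify(key: bytes, measurements, message: bytes, digest: bytes) -> bool:
    """Acceptor-side check (item 3A: the acceptor obtains the measurements)."""
    return hmac.compare_digest(signature_digest(key, measurements, message), digest)


def run_checks() -> dict:
    signed = b"Application for permit, fee $25"      # constructed document
    altered = b"Application for permit, fee $2500"   # same document, data changed
    digest = signature_digest(DEVICE_KEY, MEASUREMENTS, signed)
    other_key = hashlib.sha256(b"party without the device key").digest()
    return {
        # Item 5: the digest verifies only over the message it was made for.
        "original_verifies": verify(DEVICE_KEY, MEASUREMENTS, signed, digest),
        "altered_message_rejected": not verify(DEVICE_KEY, MEASUREMENTS, altered, digest),
        # Item 2B: the digest is tied to these exact measurements.
        "other_measurements_rejected": not verify(DEVICE_KEY, MEASUREMENTS[:-1], signed, digest),
        # Item 4B: without the key, the measurements cannot be bound to another message.
        "rebind_without_key_rejected": not verify(
            DEVICE_KEY, MEASUREMENTS, altered,
            signature_digest(other_key, MEASUREMENTS, altered)),
        # A plain hash does not meet item 4B: a digest for any message verifies
        # for whoever holds the measurements, because no secret is involved.
        "unkeyed_rebind_accepted": verify_unkeyed(
            MEASUREMENTS, altered, unkeyed_digest(MEASUREMENTS, altered)),
    }


if __name__ == "__main__":
    for name, result in run_checks().items():
        print(f"{name}: {result}")
```

A deployed system would more likely use an asymmetric signature so that the acceptor can verify without holding the signing secret; the symmetric key here keeps the example within the standard library.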




Appendix  E:  ADA  and  Privacy  Policy  Discussions 
Americans  with  Disabilities  Act  (ADA) 

State Agency Web sites MUST be accessible to users with non-graphical browsers. The
following excerpts are from a U.S. Department of Justice technical assistance letter. The full
letter can be found at http://www.usdoj.gov/crt/foia/tal712.txt.

♦ "The Americans with Disabilities Act (ADA) requires State and local
governments and places of public accommodation to furnish appropriate
auxiliary aids and services where necessary to ensure effective communication
with individuals with disabilities."

♦ "Covered entities that use the Internet for communications regarding their
programs, goods, or services must be prepared to offer those communications
through accessible means as well."

♦ "Instead of providing full accessibility through the Internet directly, covered
entities may also offer other alternate accessible formats, such as Braille, large
print and/or audio materials, to communicate the information contained in web
pages to people with visual impairments. The availability of such materials
should be noted in a text (i.e., screen-readable) format on the web page, along
with instructions for obtaining the materials, so that people with disabilities
using the Internet will know how to obtain the accessible formats."

In brief, there are three major areas that may cause an agency web site to be non-compliant:

1. Web sites that use frames that do not have fully equivalent access methods for browsers
that do not support frames. (Text-based browsers cannot support frames, which are based
on the concept of having different windows.)

2. Web sites that post information in PDF format without providing online access to text
equivalents or detailed information on how to obtain Braille or audio versions. Adobe has
set up a service (http://access.adobe.com/) that converts PDF to HTML either on the fly
or as an e-mail service. Unfortunately, it has been frequently unavailable during normal
business hours in the past few weeks. If this is a temporary phenomenon, including
information on using this service may meet a Department's ADA compliance
requirements.

3. Use of images without specifying alternate text or, in the case of image maps, alternate
navigation methods.

Sarah Bourne, Task Force Member and Director of the Commonwealth's Internet Services
Group, has put together a web page with links to web sites that can help agencies test their
pages for compliance. Information on designing for accessibility and general information on
the Americans with Disabilities Act is also available at this site. The page can be found at
http://www.state.ma.us/webmass/ada.htm.


Privacy 

There is an inherent tension between the individual's right to privacy and the government's
need for personal information, the dimensions of which conflict have evolved over time in
response to changes in technology and government's role in society. The relatively recent
deployment of sophisticated information technology tools in the service of the pervasive
modern state has raised a host of unique variations on this historic theme. The following
discussion seeks to provide context for thinking about the privacy issues that confront the
Commonwealth, a description and assessment of our current policies, and some suggestions
for improvements.


Context 

Massachusetts state government is a massive service delivery organization with huge
information and transaction processing operations. In conducting these operations, the state
gathers, uses, and disseminates vast amounts of information, much of which relates to
specific, identifiable individuals. The widespread use of information technology means that
this information can be permanently stored, rapidly analyzed and extracted, cross matched
with other digital records, copied perfectly an unlimited number of times, and transmitted
almost instantly. This digital revolution has caused a qualitative change in the nature and
character of government records, as well as a quantitative change in the amounts of
information the government collects and stores.

Starting in the early 1970s, first the federal government and then the states responded to the
introduction of mainframe information systems by enacting privacy statutes that attempted to
strike an appropriate balance between government's need for information, the importance of
open public access to government information, and the protection of personal privacy. Since
then, the PC revolution that started in the early 1980s, and the networking revolution of the
1990s, have significantly altered the technical base upon which this balance was struck. These
new technologies make it increasingly possible to construct virtual dossiers on people
composed of information about their every interaction with any government agency. Even
innocuous personal information can become a constituent piece in a much more invasive
compilation of data. The impact of these changes on what is ultimately a core libertarian value
requires a fresh assessment of the government's privacy policies.

One of the problems for policy makers in coming to grips with privacy issues is that the
subject seems to crop up in an incredible variety of contexts. Part of this confusion can be
eliminated by realizing that "the right to privacy," as it is currently understood, has three
fairly distinct branches:

♦ Search and Seizure Privacy. The oldest and most explicit right to privacy is the
constitutional right to be free from unreasonable searches and seizures. This
provision applies only to government action and generally only in criminal or
regulatory matters. Search and seizure privacy arises in the context of house
searches, electronic surveillance, drug tests, drunk driving roadblocks, and the
like.

♦ Decisional Privacy. First articulated by the Supreme Court in the 1960s and
1970s, and subsequently found in the Massachusetts constitution by the SJC,
this is the constitutional right to be free from unwarranted government
interference when making certain fundamental personal decisions. Decisional
privacy arises primarily in contraception, abortion, "right to die," and sexual
orientation cases.

♦ Informational Privacy. Originally a common law tort doctrine, until privacy
statutes came along in the 1970s, informational privacy concerns the
individual's right to control, or at least influence, the terms under which
personal information is shared with others. The cluster of rights falling under the
heading of informational privacy all flow from the belief that the inherent
dignity and worth of individuals dictates that they have a central say in how they
choose to present information about themselves to the world.




Information technology has had an impact on each of these three areas. Ultimately, however,
its greatest impact is on informational privacy, and it is this particular dimension of "the
right to privacy" that is the focus of this memo. Government's policies on informational
privacy affect not only taxpayers, beneficiaries, and customers (broadly speaking), but also its
vendors and employees. In addition to rules for its own information, the government can
choose to, or refuse to, regulate the information practices of private sector entities (both profit
and nonprofit).

In evaluating the Commonwealth's performance in this regard, it is worth remembering three
things. First, concerns about informational privacy are widespread, with recent surveys
showing that 80% of people are concerned about threats to personal privacy, and that a
majority believes existing laws are inadequate and need to be tightened. Second, privacy is a
subjective concept: 25% of the population favors sharp restrictions on the use of personal
information, another 18% are mostly unconcerned with privacy issues, and 57% are privacy
pragmatists that care about privacy but acknowledge the need to supply personal information
in exchange for other values.

Finally, information is the lifeblood of state government's operations and is indispensable in
implementing the policy choices of elected leaders. As such, restrictions on the government's
information practices (and this is equally true of restrictions on private sector practices)
should be subject to a cost/benefit analysis. For example, you can't provide human service
benefits effectively, or detect fraud, without gathering a great deal of personal information.
Nor can you tax, regulate, or perform a host of other government services without such
information. And you can't have an open, accountable government without allowing broad
public access to government information. So, it is important to bear in mind that the resolution
of most of the issues presented here requires striking the correct balance rather than picking
the right side.

The  Current  Situation  in  Massachusetts:  Government  Information  Practices 
The principal laws governing the government's collection, use, and dissemination of personal
information are the Public Records Law (PRL), the Fair Information Practices Act (FIPA), and
a host of restrictions found throughout the General Laws. Massachusetts also has a privacy
statute (M.G.L. c. 214, s. 1B), enacted in 1974, which provides: "A person shall have a right
against unreasonable, substantial or serious interference with his privacy." The SJC has said
this statute codifies the common law privacy torts, but it is of little relevance for government
records because the SJC has ruled that it affords less privacy protection than the
non-disclosure provisions of the PRL. While somewhat convoluted and obscure, this combination
of laws establishes restrictions on the use of personal information that are more robust than
those of many, perhaps most, states. Improvements can and should be made, but it is not true
that Massachusetts lacks a statutory framework for protecting informational privacy.

The starting point for considering informational privacy is the PRL, which divides all
government information into public and non-public records. In general, all government
records, including computer files, are available for public inspection or copying unless they
fall within one or more of twelve exemptions. The first exemption is for records "specifically
or by necessary implication exempted from disclosure by statute." I am unaware of any
comprehensive compilation of these restrictions, but I am presently working my way through
a list of over 200 sections of the General Laws that contain the words "confidential" or
"confidentiality" and over 50 sections that contain the word "privacy."

Next, the PRL exempts several specific types of records: internal personnel rules and
practices, policy memoranda, notebooks, investigatory records, trade secrets, pre-selection
procurement documents, real property appraisals, information on licensed gun owners, test
questions and answers, and health care contracts between public entities and HMOs. In
addition to these specific restrictions, the PRL exempts "personnel and medical files or
information; also any other materials or data relating to a specifically named individual, the
disclosure of which may constitute an unwarranted invasion of personal privacy." This
exemption is patterned after a similar, though more narrowly worded exemption in the federal
Freedom of Information Act that applies to information "which would constitute a clearly
unwarranted invasion of personal privacy."

The meaning and interpretation of the PRL's personal privacy exemption is critical because,
as will be seen below, there are no restrictions on the government's collection, use, and
dissemination of personal information that is deemed to be public. In general, the SJC and the
Supervisor of Public Records have taken a narrow view of the privacy exemption, ruling that
it only applies to "intimate details of a highly personal nature." The SJC has shown little
inclination to view more mundane types of personal information as falling within the
exemption even though the U.S. Supreme Court, in interpreting the seemingly more narrow
federal exemption, has found it far more favorable towards privacy rights.

In particular, the court has ruled that even if a record is merely a compilation of public facts
(such as a rap sheet) that "does not mean that an individual has no interest in limiting
disclosure or dissemination of the information." In addition, in upholding an agency's refusal
to provide a list of its employee's home addresses to their union, the court ruled that "the only
relevant public interest in disclosure to be weighed in this balance is the extent to which
disclosure would serve the core purpose of the FOIA, which is contributing significantly to
public understanding of the operations or activities of the government. That purpose,
however, is not fostered by disclosure of information about private citizens that is
accumulated in various governmental files but that reveals little or nothing about an agency's
own conduct."

There are no restrictions on the government's collection, use, and dissemination of personal
information that does not fall within one of the PRL's exemptions. The law containing such
restrictions is the FIPA, enacted in 1975, which expressly excludes from its coverage any
personal data contained in a public record. For non-public personal data the FIPA requires
agencies holding such data to: identify a person responsible for FIPA compliance; inform its
employees of the FIPA's requirements; not allow access to personal data unless authorized by
statute or regulations or unless approved by the data subject; maintain a complete record of
every access to and every use of personal data; make available to a data subject a list of the
uses made of the personal data; make personal data available to a data subject; establish
procedures for data subjects to contest the accuracy of their data; and not collect or maintain
more personal data than is needed.




